Hacking Any Facebook Accounts using REST API
By Parth Makadiya
Sponsored Links
Stephen Sclafani , a Security Researcher, has discovered a critical security vulnerability in the Social Networking giant Facebook that allowed him to hack any facebook accounts.
"A misconfigured endpoint allowed legacy REST API calls to be made on behalf of any Facebook user using only their user ID" Stephen explained in his blog.
The Facebook REST API is said to be predecessor of Facebook’s current Graph API. He managed to send request to server using this API such that it will update status on behalf of victim.
Stephen found this bug in April 23 and reported to Facebook. After getting notification, Facebook permanently fixed the bug on April 30th. Facebook awarded $20,000 bounty to him for finding and reporting this bug.
"A misconfigured endpoint allowed legacy REST API calls to be made on behalf of any Facebook user using only their user ID" Stephen explained in his blog.
The Facebook REST API is said to be predecessor of Facebook’s current Graph API. He managed to send request to server using this API such that it will update status on behalf of victim.
Stephen found this bug in April 23 and reported to Facebook. After getting notification, Facebook permanently fixed the bug on April 30th. Facebook awarded $20,000 bounty to him for finding and reporting this bug.
Comments