Palestinian Hacker Posts Facebook Bug Report on Facebook CEO Mark Zuckerberg’s Wall
A Palestinian information systems expert says he was forced to post a bug report on Facebook CEO Mark Zuckerberg’s Facebook page after the social network’s security team failed to recognize that a critical vulnerability he found allows anyone to post on someone’s wall even if they are not friends on Facebook.
The vulnerability, which was reported by Khalil Shreateh, a Palestinian from Hebron in Palestine, allows any Facebook user to post anything on the walls of other users – even when those users are not included in their list of friends.
Khalil reported the exploit through Whitehat (www.facebook.com/whitehat), describing the exploit to them and including a link to a Facebook post that he had made to Sarah Goodin’s timeline. Sarah Goodin attended the same college as Mark Zuckerberg.
This picture shows the post.
“Facebook security’s reply was that the link gives an error when opening. Of course they didn’t use their authority to view Sarah’s private posts, as Sarah shares her timeline posts with her friends only. I was able to view that post because I am the one who posted it, even though I am not in her friend list,” wrote Khalil in a blog post explaining the incident.
“So I replied back and said that I have no choice but to post to Mark Zuckerberg’s timeline.”
After receiving the reply, Khalil claims he had no choice but to showcase the problem on Mark Zuckerberg’s wall.
“So I did post to Mark Zuckerberg’s timeline, as those pictures show:”
“I told him about the exploit and all the reports I sent, with a link to the last report including Facebook security’s reply. Minutes later, a Facebook security engineer, Ola Okelola, commented on my picture on Facebook, asking me to send him all the details about the exploit.”
After that, Facebook disabled his account as a precaution.
“When we discovered your activity we did not fully know what was happening. Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports in the future, we ask you to please include enough detail to repeat your actions.
We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope, however, that you continue to work with us to find vulnerabilities in the site.
We have now re-enabled your Facebook account.”
Here is a video of the hack by Khalil: