
Researcher & Hacker Gets $16,000 For Facebook Hack - Webmasters - Nairaland
Researcher & Hacker Gets $16,000 For Facebook Hack by hassan4: 7:40am On Sep 23, 2016
Arun Sureshkumar, an Indian security researcher, has received a substantial reward from Facebook’s security team after helping the company patch a serious bug in its Facebook Pages feature.

The researcher revealed that he was able to identify a method that allowed him to hijack any Facebook Page he wished to, leveraging a flaw in the Facebook Business Manager, an application Facebook created to let businesses manage Facebook Pages in case more than one employee needed access to edit and post content.

"Researcher could have hijacked any Facebook Page he wanted"

Sureshkumar says that, at the heart of the issue, is an IDOR (Insecure Direct Object References) flaw.

An attacker that was aware of the flaw could exploit this issue by intercepting HTTP requests made to the Facebook server, finding specific arguments in the request and editing several parameters.

The attacker could modify the Facebook page parameter, the Facebook user parameter, and the management role parameter to set himself up as an approved editor for any Facebook Page he’d like.

Sureshkumar says the attack worked against any Facebook Page, including the ones of high-profile figures such as Barack Obama and Bill Gates.

"Facebook discovered more bugs thanks to Sureshkumar’s report"

The researcher disclosed the issue to Facebook in private, and the company decided to pay him an above-average reward because they discovered and patched several other problems while investigating his report.

Back in April 2016, Sureshkumar received another $10,000 from Facebook after he found a way to hijack Facebook accounts by brute-forcing the lookaside.facebook.com subdomain, which Facebook’s team forgot to protect. That bug report was based on another one from Anand Prakash, who discovered in March a method to reset user passwords and take over anyone’s accounts.

Sureshkumar recorded proof-of-concept videos for both bugs, which you can view below.

https://www.youtube.com/watch?v=BSnksWX5Kn0

https://www.youtube.com/watch?v=PISq04cauOQ

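As an added illustration (not code from the article, from Sureshkumar, or from Facebook), a minimal Python model of a "grant page role" handler: the vulnerable version applies the client-supplied page, user and role parameters directly, which is the IDOR pattern the post describes, while the hardened version takes the caller's identity from the authenticated session and checks it against the role list of the page actually referenced. All names (Page, assign_role_hardened, the sample page and user ids) are hypothetical.

```python
from dataclasses import dataclass, field

ROLES = {"admin", "editor"}


@dataclass
class Page:
    page_id: str
    roles: dict = field(default_factory=dict)  # user_id -> role


class Forbidden(Exception):
    """Raised when the caller may not modify the referenced page."""


def build_sample_pages():
    # Constructed sample data: one page whose only admin is "alice".
    return {"page-1": Page("page-1", {"alice": "admin"})}


def assign_role_vulnerable(pages, page_id, target_user, role):
    # IDOR: every value comes straight from the request body and is trusted.
    # Anyone who can send the request can make any user an editor of any page.
    pages[page_id].roles[target_user] = role


def assign_role_hardened(pages, session_user, page_id, target_user, role):
    # session_user is the identity established by the server-side session,
    # never a field the client can edit in the request.
    page = pages.get(page_id)
    # Same error for "missing" and "not yours" so page ids cannot be enumerated.
    if page is None or page.roles.get(session_user) != "admin":
        raise Forbidden("caller is not an admin of this page")
    # Validate the role against the allow-list before storing it.
    if role not in ROLES:
        raise ValueError(f"unknown role: {role!r}")
    page.roles[target_user] = role


def demo():
    # Returns (vulnerable_granted, hardened_blocked, legitimate_granted).
    pages = build_sample_pages()
    assign_role_vulnerable(pages, "page-1", "mallory", "editor")
    vulnerable_granted = pages["page-1"].roles.get("mallory") == "editor"

    pages = build_sample_pages()
    try:
        assign_role_hardened(pages, "mallory", "page-1", "mallory", "editor")
        hardened_blocked = False
    except Forbidden:
        hardened_blocked = "mallory" not in pages["page-1"].roles

    assign_role_hardened(pages, "alice", "page-1", "bob", "editor")
    return vulnerable_granted, hardened_blocked, pages["page-1"].roles["bob"] == "editor"
```

The check that matters is the second one: authorization is evaluated against the object named in the request, using an identity the client cannot supply.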
Re: Researcher & Hacker Gets $16,000 For Facebook Hack by hardeycute(m): 7:57am On Sep 23, 2016
Where one man's knowledge stops, another man's own begins

Re: Researcher & Hacker Gets $16,000 For Facebook Hack by hassan4: 9:54am On Sep 23, 2016
Very true my brother. Got this info from Nigeria's Linux and IT Magazine online.
