Security researcher finds Vulnerability in Facebook which could delete any Facebook account but Facebook refuses to pay bounty
Hackers News Bulletin


UPDATE: The vulnerability Ehraz Ahmed found was FAKE, Facebook told Computerworld:

“This is not a real bug. We’ve audited our code to verify that there’s no variant of the proposed exploit that works against this endpoint or any other that we’ve found. Furthermore, we’ve verified in our logs that the ‘test account’ being used in the demonstration video was manually deactivated by visiting https://www.facebook.com/deactivate.php.”

A security researcher from India named Ehraz Ahmed claims that he found a vulnerability that anyone could use to delete any Facebook account. He sent us an email about his latest bug.

Here is the complete process he used to delete a Facebook account:

Vulnerable Link:

https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=[Victim's Profile ID]&__user=[Attacker's Profile ID]&__a=1

We can get the profile ID by using
http://graph.facebook.com/[username]

Here [username] indicates the username of your Facebook profile!

In this demo we will be using a test profile
Name: Rahul Agnikotri
https://www.facebook.com/hexgroup (victim's profile) (this is my test profile)

We can remove any account on Facebook, even if it is that of Mark Zuckerberg or any celebrity

  • Attacker's profile ID = 1781913563

  • Victim's profile ID = 100001831297334

https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=100001831297334&__user=1781913563&__a=1

He also uploaded a video demonstration of this vulnerability:

Remote Facebook Account Exploit from Ehraz Ahmed on Vimeo.

He also reported it to Facebook, and the issue seems to have been resolved at this time. After he reported this harmful bug, Facebook replied that “The bug only works for test accounts”, but we checked the cached version of the account he deleted and found that it was not a test account. Ahmed also told us the account he deleted was 2 years old.
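Facebook's reply that the endpoint "only works for test accounts" describes a server-side authorization rule. The Python below is an added illustration of how a handler for such a request could enforce that rule; it is not Facebook's code and not part of the original post. The data model, `authorize_delete`, `csrf_token`, the key and all IDs are hypothetical and constructed; only the parameter names `fb_dtsg`, `selected_users` and `__user` come from the URL above.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # constructed secret, example only

@dataclass(frozen=True)
class Account:
    user_id: int
    is_test: bool = False
    owner_id: Optional[int] = None  # creator of a test account

def csrf_token(session_user_id):
    """Anti-CSRF token bound to the logged-in user (the role fb_dtsg plays)."""
    return hmac.new(SERVER_KEY, str(session_user_id).encode(), hashlib.sha256).hexdigest()

def authorize_delete(session_user_id, params, accounts):
    """Return (allowed_ids, refusals); session_user_id comes from the server session."""
    token = str(params.get("fb_dtsg", "")).encode()
    if not hmac.compare_digest(token, csrf_token(session_user_id).encode()):
        return [], {"*": "bad anti-CSRF token"}
    # The client-supplied __user must never override the session identity.
    if str(params.get("__user")) != str(session_user_id):
        return [], {"*": "__user does not match session"}
    allowed, refused = [], {}
    for raw in params.get("selected_users", []):
        try:
            acct = accounts.get(int(raw))
        except (TypeError, ValueError):
            acct = None
        if acct is None:
            refused[str(raw)] = "unknown account"
        elif not acct.is_test:
            refused[str(raw)] = "not a test account"
        elif acct.owner_id != session_user_id:
            refused[str(raw)] = "test account owned by another user"
        else:
            allowed.append(acct.user_id)
    return allowed, refused

# Constructed sample data: IDs are made up, not taken from the article.
ACCOUNTS = {
    2001: Account(2001, is_test=True, owner_id=1001),   # caller's own test user
    2002: Account(2002, is_test=True, owner_id=1002),   # someone else's test user
    3001: Account(3001),                                # ordinary account
}
REQUEST = {"fb_dtsg": csrf_token(1001), "__user": "1001",
           "selected_users": ["2001", "2002", "3001", "abc"]}
print(authorize_delete(1001, REQUEST, ACCOUNTS))
```

Only the caller's own test user passes; every other ID is refused with a reason that can be logged for later audit.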

Last month a researcher from Palestine hacked Mark Zuckerberg’s timeline to report a bug; he too was not awarded a bounty by Facebook, because he violated the terms by hacking Zuckerberg’s timeline.

  • Moncef Morocco

    How can I get this “Attack profile id” pls
