Facebook Bug - Posting without permissions on behalf of user by Vivek Bansal

Are you using Facebook Login in any Android / iOS / Windows / BlackBerry app, or on any website like Quora, Foursquare, Candy Crush Saga, Criminal Case, or in any other application or website?
Beware: any application can post any message, image or video on your friend's timeline or on your timeline without asking you.

Through a script I have written, any application can post any text, image or video on the user's and his friends' timelines without taking any permissions or informing the user.

Bug: The bug I reported to Facebook is related to the user's privacy. It is related to a breach of the authentication bridge by posting on the user's and his friends' walls without taking any Publish Permissions.

Description: According to Facebook documentation, an application cannot post to the user's wall or his friends' walls without taking any Publish Permission.

Vulnerability: Using the script I have written, after logging in with Facebook credentials and having acquired only BASIC_PERMISSIONS, the script can post any text or share any link on the user's and his friends' walls, WITHOUT informing the user, through a background process.
Comments

Wow. Excellent bug found. Facebook has to think about this...

vishallodha

Facebook security sucks. I usually log in using my Facebook in Android and web apps. This is really a big bug in Facebook. This video is really useful. It also describes how to revoke FB access of all login apps. Great work by the White Hat.

jatinmalwal

Nice work.. Never knew FB has some bugs.. Your speculation has made this bug noticeable.. Hope Facebook won't keep a scope of such bugs in its application further

erikachakraborty

Wow. Excellent bug found. Facebook, you better watch out. 👍

mehakbhasin

What the hell... that's why FB should not be the single social network site... they are already selling our personal info for ads.


Great job Bansal...
You are the only one in our batch who does any work... keep up the good work..

nvnntn

In July '13 a guy named Khalil found a bug in Facebook and he posted some message on Mark Zuckerberg's wall, and this time this guy can post on my and my friend's timeline through any application... wtf is Facebook security... :/
Seriously, Facebook needs to take care of users' privacy.

Good work by you...great finding.... (y)

ruchiagrawal

Excellent dear nice work.. Keep it up :)

yogeshkumarpanihar

Ohh shit... it means all the Android/iOS applications where I am using Facebook login, like Quora, Gaana.com, Candy Crush Saga etc., can post on my timeline or my friend's timeline without taking prior permissions from me.

Once again it's proved that Facebook is not safe for users' privacy.
Great bug found by you... good work...

vandanagarg

Great job, dude..!!! You have done a great job.. really appreciable work.. Go for this kind of work in the upcoming future too.. you will get many more opportunities with this kind of work in the near future.. Best of luck & hope for a great future ahead :)

MilindAudichya

Great job Vivek, we were not expecting that it could happen earlier. Most of us are using Android/iOS applications where I am using Facebook login, like Gaana.com, Candy Crush Saga, very frequently; anyone can post on my timeline. Sometimes it creates a major problem.
If anyone can post without taking our permission... it's a big issue.

Thanks buddy you found a great bug...:)

satyaprakashgupta

Great job bro, and it's very true; even I have suffered, and many of my friends also. We should take some action against it. How can they share our personal information...

ankushtailor

Well done... It's a great job.. Keep it up :)

deepesh

thank you so much! this was very helpful :)

Mariaj

How are you posting on a friend's timeline without user permission?
I.e., according to this video... any application where I logged in can post on my friend's timeline without asking any permissions... big bug in Facebook security.
Good work...

mohitchauhan-yqyk

Oh shit... it should not be... Facebook developers should keep all privacy points in their mind.. otherwise days are numbered.

satyaprakashgupta

Good job... Facebook is going to hire you soon... :P

bhanuppindia

From where do you get the motivation to do all this stuff? I mean, it takes a lot of courage and hard work. Share with us too.
BTW it was really a great finding.
Keep it up :)

pcbbhn

What can we do to reactivate our account? Help me.

Redstarkoushik

Can I get the .py file just for learning...

GopalSinghR

Now that it's patched, please share your Python code with us :).

bdayvideo