Skip to main content

A Simple Bug Revealed Admins of Facebook Pages — Find Out How


Facebook Page admins are publicly displayed only if admins have chosen to feature their profiles.

However, there are some situations where you might want to contact a Facebook page admin or want to find out who is the owner of a Facebook page.

Egyptian security researcher Mohamed A. Baset has discovered a severe information disclosure vulnerability in Facebook that could have allowed anyone to expose Facebook page administrator profiles, which is otherwise not supposed to be public information.

Baset claimed to have discovered the vulnerability in less than 3 minutes without any kind of testing or proof of concepts, or any other type of time-consuming processes.
find-facebook-page-admin

In a blog post, Baset said he found the vulnerability, which he described as a "logical error," after receiving an invitation to like a particular Facebook page on which he had previously liked a post.

Facebook has introduced a feature for page admins wherein they can send Facebook invitations to users asking them if they wished to like their page after liking a post, and a few days later, these interacted users may receive an email reminding them of the invitation.

After Baset received one such email invite, he simply opened "show original" drop-down menu option in email. Looking at the email's source code, he noticed that it included the page administrator's name, admin ID and other details.

The researcher then immediately reported the issue to the Facebook Security Team through its Bugcrowd bug bounty program. The company acknowledged the bug and awarded Baset $2,500 for his findings.

Though Facebook has now patched this information disclosure issue, people who have already received one such page invitation can still find out admin details from the invitation emails.
"We were able to verify that under some circumstances page invitations sent to non-friends would inadvertently reveal the name of the page admin which sent them," Facebook said. "We've address the root cause here, and future emails will not contain that information."
 YOU MAY ALSO LIKE:

Labels:
Location: India

Comments

Post a Comment

Popular posts from this blog

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running...
Post a Comment
Read more

Check your Gmail Account Email is Secured or Not After 50 Lacs Gmail account Hacking

World Biggest Hacking 50Lacs Gmail Account Hacked by Russian Hackers. Hack Gmail List Post in Bitsec security forum. This hacking is done in 10 September 2014. Anyone can download  5 Million hacking gmail  list . Your password is compromised publicaly.  So how do you know your account is hacked is or not. This is one of the biggest hack in Gmail account.  So hackers use your gmail account password in illegal purposes. So I recommend you to check your gmail account password. Here we provide a website to check your email in the hacking list. If your name in the hacking list ,so change your password of gmail. Check your name in Gmail Hacking list  Follow the given steps. 1 Go to this website  ISLEAKED.COM  or  haveibeenpwned.com/ 2. Type of email and click on check it. 3. Now you know your account is hacked or not. YOU MAY ALSO LIKE : Make Fake FB Account in 1 Min Without Mobile and email Facebook Moves To Decide What ...
Post a Comment
Read more

Unlocked phones vs. locked phones: Why you should care

Should you get an unlocked phone? The US wireless market is more competitive than ever, which is great news for consumers who have lots of choices when it comes choosing a service provider. But one barrier still exists when trying to switch carriers: the locked smartphone. The end of wireless contracts marked a watershed trend for consumers because it finally opened the door for them to more easily shop around for alternative wireless carriers. But the software locks that carriers put on phones restricting its use on other networks still prevent many consumers from having total freedom when it comes to choosing a provider. Now Verizon, the only wireless carrier that sold its phones unlocked out of the box, is reversing course. The company  said earlier this week  it would begin locking the phones it sells to consumers for an undetermined period of time, which will prevent them from using a SIM card from another carrier. But Verizon promised it would eventually ...
Post a Comment
Read more