Facebook has a bounty program under which hackers and security experts can find and submit vulnerabilities in the social network. However, the security team apparently isn’t always receptive to such submissions, something which recently forced a hacker to post a critical vulnerability on Mark Zuckerberg’s Facebook wall.
The vulnerability that was discovered by a Palestinian hacker essentially allows a user to post on another user’s wall, regardless of what the privacy settings of that user are. For instance, even if the other user is not in your friend list, you can post to his/her Facebook wall by exploiting this vulnerability.
Going by the name of ‘Khalil Shreateh’, the hacker tried to reach out to the Facebook security team and highlight this vulnerability. However, the security team refused to deem it a vulnerability and ignored it.
Frustrated by these responses, the hacker then posted the details of the vulnerability on Mark Zuckerberg’s Facebook wall, instantly making headlines. According to reports, the vulnerability is in ‘composer.php’.
As soon as Khalil posted the vulnerability on Zuckerberg’s Facebook wall, the security team reached out to him and asked him to submit the details of the exploit. However, after gathering all these details from him, the team refused to pay him for the discovery, saying that his actions had violated Facebook’s security terms of service.
Courtesy: The Hacker News