Facebook bounty hunter Laxman Muthiyah from India has recently discovered his third bug of this year in the widely popular social network website that just made a new record by touching 1 Billion users in a single day.

Bạn đang xem: Hacking facebook pages? hackers demonstrated how to do it in 10 secssecurity affairs

At the beginning of the year, Laxman discovered a serious flaw in Facebook graphs that allowed hyên khổng lồ view or probably delete others photo lớn album on Facebook, even without having authentication.
Just after a month, Laxman uncovered another critical vulnerability in the social network platkhung that resided in the Facebook Pholớn Sync feature, that automatically uploads photos from your điện thoại device lớn a private Facebook album, which isn"t visible lớn any of your Facebook friends or other Facebook users.


However, the flaw discovered by Laxman could allowed any third-các buổi party tiện ích lớn access và steal your personal photographs from the hidden Facebook Photo Sync album.
Now, the lachạy thử bug in Laxman"s các mục could allow attackers khổng lồ take over control of your Facebook pages.
This time Laxman has found an issue with the "Facebook business pages" that are not specific lớn a single user account, but instead represent a business and are usually managed by a number of users.
However, Laxman could allow third-party apps to take complete control of a Facebook business page with limited permissions, possibly making the victlặng permanently thua trận administrator access khổng lồ the page.

Xem thêm: Top Ảnh Comment Facebook Bá Đạo, Độc Đáo Hài Hước, Top Hình Ảnh Comment Facebook Hay Nhất, Độc Nhất

Third buổi tiệc ngọt Facebook applications are capable of performing all sets of operations, including post status on your behalf, publishing photos, & other tasks, but Facebook doesn"t allow them khổng lồ add or modify page admin roles.
Facebook allows a page administrator lớn assign different roles lớn different people in the organisation through manage_pages, a special access permission requested by third-các buổi tiệc nhỏ apps.
However, according to Laxman, an attacker can use a simple string of requests in an attempt to lớn make himself as admin of the particular Facebook page.
POST /PGID/userpermissions HTTP/1.1Host: graph.facebook.comContent-Length: 245role=MANAGER&user=X&business=B&access_token=AAAA…
Here, page PGID belongs lớn business B, where one can manage_pages request lớn make user "X" as a MANAGER (assign as an administrator) of the page.
This means these small changes in the request parameters could allow an attacker khổng lồ gain complete control over your Facebook page.
Laxman has also provided a Clip demonstration that shows the attaông chồng in work. You can watch the Clip given below that will walk you through the entire procedure:
Hacking Facebook PagesAnother Serious Vulnerability in FacebookVulnerability : Hacking Facebook PagesStatus : FixedReward $2500 USDProof Of Concept : https://www.7xter.com/2015/08/hacking-facebook-pages.htmlPosted by 7xter on Wednesday, August 26, 2015
Laxman reported the flaw khổng lồ the Facebook security team và received the reward of $2500 USD as a part of Facebook"s bug bounty program.
Though the social network has now fixed the loophole, you must always be aware of the permissions you grant lớn any third-buổi tiệc ngọt applications.
Found this article interesting? Follow TTP Hà Nội on Facebook, Twitter  và LinkedIn khổng lồ read more exclusive sầu content we post.
Share on FacebookShare on TwitterShare on LinkedinShare on RedditShare on Hacker NewsShare on EmailShare on WhatsApp




10 courses + 1,236 lessons on lathử nghiệm techniques, forensics, malware analysis, network security và programming.

Xem thêm: Hướng Dẫn Và Phân Tích Cách Viết Quảng Cáo, Viết Quảng Cáo

Sign up for cybersecurity newsletter and get lakiểm tra news updates delivered straight to your inbox daily.

Chuyên mục: Kinh doanh online