Facebook Pages are becoming a superlative medium for every business to promote its products to customers. Facebook Pages allow brands, businesses, organisations and public figures to list their products and engage their audience. Anyone with a Facebook account can create a Page and reach out to prospective buyers and audiences.
Many people have wanted to hack Facebook Pages, whether with simple hack tools or by doing the hard work, but an Indian hacker made it possible by finding an exploit that could let him take over any Page he wanted, even Obama’s official Facebook Page.
His name is Arun Sureshkumar. He is an Indian security researcher who found this exploit and reported it to Facebook through its bug bounty program. In return he was rewarded 16k USD as part of the bug bounty program. In Facebook’s case, an IDOR vulnerability in Facebook’s Business Manager allowed him to take over any Facebook Page in less than 10 seconds. In case you want to read about the IDOR vulnerability, click here.
Arun Sureshkumar found that he could deceive Facebook into granting access to any Facebook Page through a zero-day in its Business Manager, an Insecure Direct Object References vulnerability. Here is a video of Arun’s Facebook hack PoC:
How To Hack Facebook Page
Arun informed Facebook about the vulnerability, and the FB Security Team acknowledged that the zero-day was highly critical. Facebook temporarily patched the flaw by removing the endpoint and then issued an update to completely patch the zero-day in a week. Arun was paid $16,000 for his bug discovery.
He wrote about the vulnerability on his own blog, Arun Sureshkumar.