This Guy Found Out How to Hack a Facebook Page Using a Zero-Day

Facebook Pages are becoming a superlative medium for every business to promote its products to customers. Facebook Pages allow brands, businesses, organisations and public figures to list their products and engage their audience. Anyone with a Facebook account can create a Page and reach out to their prospective buyers and audience.

Everyone wanted to hack Facebook Pages, either by using simple hack tools or by doing the hard work, but an Indian hacker made it possible by finding an exploit that could let him hack any Page he wanted, even Obama's official Facebook Page.

His name is Arun Sureshkumar. He is an Indian security researcher who found this exploit and reported it to Facebook through its bug bounty program. In return he was rewarded 16k USD as part of the bug bounty program. In Facebook's case, an IDOR vulnerability in Facebook Manager allowed him to take over any Facebook Page in less than 10 seconds.

Arun Sureshkumar found that he could deceive Facebook into granting access to any Facebook Page through a zero-day in its Business Manager, an Insecure Direct Object References (IDOR) vulnerability. Here is a video of Arun's Facebook hack PoC:

How To Hack Facebook Page

Arun informed Facebook about the vulnerability and the FB Security Team acknowledged that the zero-day is highly critical. Facebook temporarily patched the flaw by removing the end-point and then issued an update to completely patch the zero-day in a week. Arun was paid $16,000 for his bug discovery.
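The class of bug named above, Insecure Direct Object References, shown as an added example that is not taken from Arun's write-up or from Facebook's code. It is a hypothetical, simplified asset-assignment handler that trusts object IDs supplied in the request, next to a version that authorizes the caller against each referenced object first. All function names, IDs and data are constructed for illustration.

```python
class Forbidden(Exception):
    """Caller has no authority over a referenced object."""


def make_state():
    # Constructed sample data: user 1 administers page 100,
    # user 2 is the only member of business 900.
    pages = {100: {"admins": {1}}}
    businesses = {900: {"members": {2}, "pages": set()}}
    return pages, businesses


def assign_page_vulnerable(state, caller_id, business_id, page_id):
    """IDOR: both objects are fetched by the IDs in the request and linked,
    with no check that caller_id controls either of them."""
    pages, businesses = state
    business = businesses[business_id]
    business["pages"].add(page_id)
    pages[page_id]["admins"] |= business["members"]
    return True


def assign_page_hardened(state, caller_id, business_id, page_id, audit_log):
    """Resolve both references, then authorize the caller against each one."""
    pages, businesses = state
    business = businesses.get(business_id)
    page = pages.get(page_id)
    allowed = (
        business is not None
        and page is not None
        and caller_id in business["members"]
        and caller_id in page["admins"]
    )
    if not allowed:
        # Same error for "missing" and "not yours", so IDs cannot be probed;
        # the denial is logged so repeated attempts are visible to detection.
        audit_log.append(("denied", caller_id, business_id, page_id))
        raise Forbidden("not found")
    business["pages"].add(page_id)
    page["admins"] |= business["members"]
    audit_log.append(("assigned", caller_id, business_id, page_id))
    return True


if __name__ == "__main__":
    state = make_state()
    assign_page_vulnerable(state, 2, 900, 100)
    print("admins of page 100 after vulnerable call:", state[0][100]["admins"])
```
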

He wrote about the vulnerability on his own blog, Arun Sureshkumar.
