Logical Bug on Facebook Pages | Writeup by Uttam Soren
A few days ago we posted a writeup, by Uttam Soren, of a bug in Facebook Acquisitions that allows access to anyone's account. Today we are posting a writeup of a logical bug on Facebook Pages, again by Uttam Soren.
As per him: In the month of July 2014, I found a logical bug on Facebook Pages. There were two issues on Facebook Pages.
1. Normal User Blocks the Admin of a Facebook Page:
It was very simple, i.e. block the admin of any Facebook Page, then you could post on that page and your posts to the page would not be visible to the admin; hence the admin cannot delete your posts or comments and also cannot ban you from that page.
2. Admin Blocks the Other Admin of Same Page:
If a page has two or more admins and any one admin posts on behalf of the page, then the other admins can see who has posted that particular post, as there would be information about it like "Posted by Uttam Soren".
But I found that if one admin (Admin_1) blocks the other admin (Admin_2) or admins (Admin_3, Admin_4, Admin_5,...) of the same page, then if Admin_1 posts on behalf of the page, the other admins (Admin_2, Admin_3, Admin_4,...) cannot know who has posted that post, as the information will not be shown to them because they were blocked by Admin_1, and only the post time is visible to them.
I quickly reported both issues to Facebook. The first issue was a duplicate, as someone had already reported it to Facebook, but the second issue was unknown to them.
Later they fixed the bug and rewarded me with $500 USD.
Timeline :
============
SAT, JUL 19, 2014 11:51 AM - Report Sent
WED, JUL 23, 2014 3:30 AM - Escalation by Facebook
SAT, AUG 2, 2014 5:55 PM - Fix Deployed by Facebook
SAT, AUG 2, 2014 5:55 PM - Bounty Awarded of $500 USD by Facebook
Posted by Pentesting-Lab at 06:23
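
A simplified model of the two issues described in the writeup, as an added example that is not Facebook's code and not part of the original writeup. It assumes the personal block filter was applied before the page-admin role was considered; all class names, function names and accounts are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Page:
    admins: set
    blocks: set = field(default_factory=set)  # (blocker, blocked) pairs

    def blocked(self, a, b):
        # A block hides each party from the other, in either direction.
        return (a, b) in self.blocks or (b, a) in self.blocks

@dataclass
class Post:
    author: str
    as_page: bool = False  # True when an admin posts in the page's voice

def can_see_flawed(page, viewer, post):
    # Assumed flaw: the personal block filter runs for every viewer,
    # so a block also hides page content from the page's own admins.
    return not page.blocked(viewer, post.author)

def can_see_fixed(page, viewer, post):
    # Page-scoped moderation rights are evaluated before personal blocks.
    if viewer in page.admins:
        return True
    return not page.blocked(viewer, post.author)

def attribution_flawed(page, viewer, post):
    # "Posted by <name>" is dropped whenever author and viewer are blocked.
    if not post.as_page or viewer not in page.admins:
        return None
    return None if page.blocked(viewer, post.author) else post.author

def attribution_fixed(page, viewer, post):
    # Co-admins always get the audit trail for posts made as the page.
    if post.as_page and viewer in page.admins:
        return post.author
    return None

def can_moderate(page, viewer, post, can_see):
    # An admin can only delete or ban from content the interface shows them.
    return viewer in page.admins and can_see(page, viewer, post)

# Constructed sample: user_x blocks admin_2, and admin_1 blocks admin_2.
PAGE = Page(admins={"admin_1", "admin_2"},
            blocks={("user_x", "admin_2"), ("admin_1", "admin_2")})
USER_POST = Post(author="user_x")
PAGE_POST = Post(author="admin_1", as_page=True)
```

The design point is ordering: a user-to-user privacy control should not be evaluated ahead of a role that carries moderation or audit duties over the same resource.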