
Techno News

28.11.2017

Vulnerability for $10 thousand

Social network Facebook paid a reward of $10 thousand to researcher Pouya Daribi. He discovered a serious vulnerability in opinion polls, a new Facebook feature added less than a month ago. To make the polls more visually attractive, Facebook's developers gave users the ability to add images and GIFs. To do that, the user only needs to select an image or an animation, and its ID is added to the HTML form submitted to the social network's servers.

However, Daribi explained that an attacker could add the ID of absolutely any image that had already been published on Facebook. If the poll is later deleted, the included image is deleted from the social network for good as well. This vulnerability couldn't be used for a serious cyberattack, but it could lead to unpleasant consequences: users who lost their pictures would obviously have been outraged. This is why Daribi's reward under the Bug Bounty program was quite significant. The vulnerability was eliminated two days after the researcher notified Facebook about it.
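The flaw described above is an object-reference problem: the server trusted an image ID taken from the submitted form. The following added example (not Facebook's code, and not taken from the original article) models it in memory and shows one way to close it; the class, the `check_owner` switch, the user names and the image IDs are all constructed, and the ownership check is an assumption about how such a bug can be fixed, not a description of Facebook's actual patch.

```python
class PollStore:
    """Constructed in-memory model of polls that reference uploaded images."""

    def __init__(self, images, check_owner):
        self.images = dict(images)   # image_id -> owner (constructed sample data)
        self.polls = {}              # poll_id -> (creator, [image_ids])
        self.check_owner = check_owner
        self._next_id = 1

    def create_poll(self, user, image_ids):
        # image_ids arrive in the submitted form, so they are client-controlled.
        if self.check_owner:
            for image_id in image_ids:
                # Hardened path: the referenced object must belong to the caller.
                if self.images.get(image_id) != user:
                    raise PermissionError(f"image {image_id} is not owned by {user}")
        poll_id = self._next_id
        self._next_id += 1
        self.polls[poll_id] = (user, list(image_ids))
        return poll_id

    def delete_poll(self, user, poll_id):
        creator, image_ids = self.polls[poll_id]
        if creator != user:
            raise PermissionError("only the creator may delete a poll")
        del self.polls[poll_id]
        for image_id in image_ids:
            # Defence in depth: never cascade a delete to someone else's image,
            # even if an older poll was stored before the check existed.
            if not self.check_owner or self.images.get(image_id) == creator:
                self.images.pop(image_id, None)


def run_scenario(check_owner):
    """Return (request_rejected, alice_image_still_exists)."""
    store = PollStore({101: "alice", 202: "bob"}, check_owner)
    try:
        poll_id = store.create_poll("bob", [101, 202])  # 101 belongs to alice
        store.delete_poll("bob", poll_id)
        rejected = False
    except PermissionError:
        rejected = True
    return rejected, 101 in store.images


if __name__ == "__main__":
    print("without ownership check:", run_scenario(False))
    print("with ownership check:   ", run_scenario(True))
```
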

