Hello,This is me!

Abdul Wahab

A Security Engineer Bug Bounty Hunter Synack Red Team Member

Saturday, 1 April 2017

Facebook Bugs | By Hacker Wahab


Aslam-O-Alaikum(Hello) Guys Here I am this post Contain all the Bugs I Have Founded in Facebook.

1.Open Redirect & Content Spoofing

Vulnerability Type
Open Redirector
Vulnerability Scope
Mobile Site or App
Title
Open Redirect & Content Spoofing
Description and Impact
Hi,

after Getting A Lots of Low Impact i Come back with an Open Redirector issue.
Reproduction Instructions/Proof of Concept
In the Reporting Section of Facebook all the Sensitive options is Disclose on UrL:-
https://mbasic.facebook.com/nfx/basic/question/?context_str=%7B%22initial_action_name%22%3A%22REPORT_CONTENT%22%2C%22breadcrumbs%22%3A%5B%22offensive%22%2C%22hatespeech%22%2C%22religious%22%5D%2C%22story_location%22%3A%22page%22%2C%22is_from_feed_tombstone%22%3Afalse%2C%22actions_taken%22%3A%22%22%2C%22is_rapid_reporting%22%3Afalse%2C%22reportable_ent_token%22%3A%222237869389770846%22%2C%22is_impostor%22%3A%22%22%7D&redirect_uri=http%3A%2F%2Fwww.hackerwahab.com%2F&prev_action_info=%7B%22action_name%22%3A%22UNSUBSCRIBE%22%2C%22completed_title%22%3A%22Posts+from+%5Cu200e%5Cu0645%5Cu0648%5Cu0644%5Cu0648%5Cu06cc+%5Cu0628%5Cu0631%5Cu0642%5Cu0639%5Cu06c1%5Cu200e+hidden%22%2C%22completed_subtitle%22%3A%22Poc+is+of+OPEN+REDIRECT+AND+CONTENT+SPOOFING.%22%7D&av=100015350014851&_rdr

After redirect_uri= we can add vuln web like i added in above url and after Completed_Subtitle you can add Content Spoofing Text.

As We interested in open redirect Click Done Then in Survey They Ask Community Stars Give Them Than Click Next then Click Submit a new page Open With Vulnerable URL
Video PoC:-
https://youtu.be/oFTKN7WWvQs
Thanks,
ABDULWAHAB,
Independent Cyber Security Researcher,
Is this bug public or known by third parties?
No
Can you reproduce this issue every time?
Yes
How did you find this bug?
Manually / Other

2.Delete Primary Email(Which is Unallowed by Facebook)

Vulnerability Type
Privacy / Authentication
Vulnerability Scope
Mobile Site or App
Title
Delete Primary Email(Which is Unallowed by Facebook)
Description and Impact
Hi,
My Self Abdulwahab.

As You Know That there is no way to delete an Primary Email But i found an indirect way to Delete an Primary Email.
Reproduction Instructions/Proof of Concept
As You can see on {POC 1.png} that there is no way to delete Primary.In Mobile site there is also no way
We can use this url:-
https://m.facebook.com/settings/email/?remove_email&email{Primary email Goes here}&refid=74

to Remove primary Email.
When u Open The Link Account Primary email Deleted as in (POC 2.png)
As i cannot upload video here so i use Youtube
Video PoC( Prv8 ):-
https://youtu.be/BUG1PLnCJjw
Thanks,
ABDULWAHAB,
Independent Cyber Security Researcher,
Is this bug public or known by third parties?
No
Can you reproduce this issue every time?
Yes
How did you find this bug?
Manually / Other

3.Change Account Password Without Knowing Current Password


Vulnerability Type
Privacy / Authentication
Vulnerability Scope
Main Site (www.facebook.com)
Title
Change Account Password Without Knowing Current Password
Description and Impact
Hi,
My name is ABDULWAHAB,I am Writing This to you because i think i can change a Fb Account password of a logged-in Account Without knowing Current Password.
Reproduction Instructions/Proof of Concept
1.Go to Settings
2.On Mobile add a Mobile Number u have access ( Enter You Mobile Number)
3.Logout
4.Click Forget Password
5.Enter Your Mobile Number you recently Added.
6.U Receive Code enter it
7.enter New Password And DONE!

As You See in all Procedure i dont Use Current Password and Account Password Changed

Fix Suggestion:-
ask current Password Field in adding a New Phone number

Thanks,
ABDULWAHAB,
Independent Cyber Security Researcher,
Is this bug public or known by third parties?
No
Can you reproduce this issue every time?
Yes
How did you find this bug?

4.Ip Steal Using Content Injection

Manually / Other
Vulnerability Type
Privacy / Authentication
Vulnerability Scope
Mobile Site or App
Title
Ip Steal Using Content Injection
Description and Impact
Hi.

I Founded an Content Injection issue on mobile site of Facebook.But it has Low impact so i try to increase Risk of Vulnerability so I found a Serious Problem IP STEAL.
Reproduction Instructions/Proof of Concept
1.Open Kali Linux terminal
2.Command to Listen on Port
nc -lvnp 1337 u can use any port
3.Login in to Facebook Account
4.Use this Port with YourIp In Such Way:-
https://m.facebook.com/deactivate/incentives/?carrier_name=HACKED BY ABDULWAHAB&carrier_logo_src=http://192.168.1.16:1337/&free_days=25555
5.When User Opens This Page Ip is Captured.
Video Poc:-
https://youtu.be/g2naYvWm4j0
Thanks,
ABDULWAHAB,
Independent Cyber Security Researcher,
Is this bug public or known by third parties?
No
Can you reproduce this issue every time?
Yes
How did you find this bug?
Manually / Other

5.Content Spoofing

Vulnerability Type
Other Vulnerability
Vulnerability Scope
Mobile Site or App
Title
Content Injection
Reproduction Instructions/Proof of Concept
1. goto Deactivate account
2. Choose any Condition
3.Click Deactivate
4.Now You see an add
5.Customize it by using its uRL

Thanks,
ABDULWAHAB,
Independent Cyber Security Researcher,
Is this bug public or known by third parties?
No
Can you reproduce this issue every time?
Yes
How did you find this bug?
Manually / Other

Video PoC(ALL BUGS):-


Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna Veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.

0 comments:

Post a comment

SEND ME A MESSAGE

Search

Hi There, I am

Instagram

About Me

My photo
Turning my passion into my professional life. Love to break road and dig deeper as much as possible. Believe in no system is secure. Acknowledged by Google,Facebook,Paypal,Twitter and 250+ tech giants.

About Me

Social media

Flickr

Popular Posts