Facebook IDOR bug in GraphQL
Apr 29, 2019•Channel
AI Analysis
Data from YouTube Data API v3•Updated Just now
Video Overview
Video Details
PublishedApr 29, 2019
Duration1:48
Video IDlY_5FHhRVko
Languagear
CategoryScience & Technology
PrivacyPublic
Made for KidsNo
Video TypeRegular Video
Performance Metrics
Views11.9K
Likes290
Comments76
Engagement Rate3.07%
Likes per 100 views2.43
Comments per 1K views6.37
Description
Acknowledged by "FaceBook" Security Team
Today in Amman, Jordan
Got acknowledged by Facebook Security Team After discovering a security issues in a "portal" store "https://portal.facebook.com" A store dedicated to the sale of "Portal and Portal+" devices provided by Facebook recently.
The vulnerability type "IDOR": allows any potential attacker to change the account settings for another user
حصلت على أعتراف من الفريق الامني في شركه فيسبوك بعد أبلاغي عن خلل أمني متجر https://portal.facebook.com المخصص لبيع أجهزة الاتصال portal & portal+ التي وفرتها فيسبوك مؤخرا.
نوع الثغره "IDOR" تسمح لأي مهاجم محتمل بتغير اعدادت الحساب لاي مستخدم اخر على خدمة https://portal.facebook.com
PoC : https://youtu.be/lY_5FHhRVko
HOF : https://web.facebook.com/whitehat/thanks/
Timeline:
10/10/2018 Me, Submitted Report
15/10/2018 FB, Need More Info and Sent a reply
18/10/2018 FB, Need More Info and Sent a reply
22/10/2018 FB, Reproduce my report
25/10/2018 FB, Report Triaged
07/11/2018 Me, Ask any update?
14/12/2018 Me, Ask Any Update?
25/01/2019 Me, Ask Any Update?
26/02/2019 Me, Ask Any Update?
26/02/2019 FB, Apologize to daley!!
01/03/2019 Me, ask any update?
15/04/2019 Me, ask any update?
15/04/2019 FB, Issue Fixed and confirm
29/04/2019 FB, bounty awrded