What do people think of Facebook Timeline

Post to Facebook Timeline [Facebook Vulnerability]

Recently we were able to see some bugs, people uploaded animated images and were able to share Facebook pages with animated images. Now a Palestinian hacker has managed to break the privacy of Facebook and post it on the Facebook timeline of non-friends. He could post links, status and photos. The hacker ran a little test on Sarah Gooden's timeline, but later the hacker reported the vulnerability details to Mark Zuckerberg by posting them on his timeline. After posting the details on Mark Zuckerberg's timeline, his Facebook account was banned for a few hours.

The Palestinian hacker named "Khalil" wrote the following post on Mark Zuckerberg's timeline. The privacy of the wall post he made was not shown to the public, only to the hacker and Mark Zuckerberg.

Dear Mark Zuckerberg,

First, I apologize for violating your privacy and post on your wall. I have no choice but to run all of the reports I've sent to the Facebook team.

My name is KHALIL and I come from Palestine.

A few days ago, I discovered a serious Facebook exploit that was allowing users to post on other Facebook users' timeline while not on their friends list.

I report that exploit ran twice the first time I received a retry that my link had an error opening. The other iteration was "Sorry, this is not a bug". Both reports that I sent of
www.facebook.com/whitehat, and as you can see, I'm not on your friends list and yet I can post on your timeline.

This is the last email I sent including the Facebook team replay.
http://pastebin.com/zzi2WYK6

I appreciate your time to read this and ask someone from your company to contact me.

With best regards
khalil

When he didn't get a correct answer from when the Facebook team initially reported, Khalil was forced to post the vulnerability details on Mark Zuckerberg's timeline. He was contacted by Ola Okelola, a software engineer on Facebook. Facebook did not consider the severity of the vulnerability very important.

After Facebook fixed the vulnerability, the team did not include the hacker's name on the Facebook whitehat thank you page for a reason cited by the Facebook team. When someone reports a vulnerability on Facebook, they are usually paid $ 500, but not this time with Khalil, even though the vulnerability was very serious as it was about the privacy of a Facebook user.

[Click on the image to enlarge it]

When the hacker asked for the credits, Khalil was told that he was violating the Facebook website's terms of service and therefore will not be paid.

The hacker Khalil has yet to be paid on Facebook given the severity of the vulnerability he reported to Facebook. His actions that led him to post on Mark Zuckerberg's timeline was that he was initially misrecognized when he reported the vulnerability details to the Facebook team three times.

The hacker who violated privacy settings also made a video of how he sent links, statuses and photos to Facebook users who are not on the friends list.

[youtube F9J8U9ZpEnw]

What do you think of the severity of the vulnerability? What if someone posts on your timeline while he or she is not on your friends list? Comment below.

To support this guy you can donate to Khalil Shreateh.

Similar articles