
Anand Prakash Hacked Facebook and earned $15,000 USD

This post is about a simple vulnerability Anand Prakash found on Facebook which could have been used to take over any other user's Facebook account without any user interaction. It gave him full access to another user's account by setting a new password: he could view the user's messages, the credit/debit cards stored under the payment section, personal photos, etc. Facebook acknowledged the issue promptly, fixed it and rewarded $15,000 USD considering the severity and impact of the vulnerability.
Description:
Whenever a user forgets his password on Facebook, he has the option to reset it by entering his phone number or email address at https://www.facebook.com/login/identify?ctx=recover&lwv=110 . Facebook then sends a 6-digit code to that phone number or email address, which the user has to enter in order to set a new password. Anand tried to brute-force the 6-digit code on www.facebook.com and was blocked after 10-12 invalid attempts.
He then looked for the same issue on beta.facebook.com and mbasic.beta.facebook.com and, interestingly, rate limiting was missing on their forgot-password endpoints. He tried to take over his own account (as per Facebook's policy you should not do any harm to any other user's account) and succeeded in setting a new password for it. He could then use that password to log in to the account.

Video POC


As you can see in the video, he was able to set a new password for the user by brute-forcing the code that was sent to the user's email address/phone number.
Vulnerable request:
POST /recover/as/code/ HTTP/1.1
Host: beta.facebook.com

lsd=AVoywo13&n=XXXXX

Brute-forcing the "n" parameter (the 6-digit code) on the beta hosts, where the attempt limit enforced on www.facebook.com was missing, allowed him to set a new password for any Facebook user.
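The fix for this class of bug is an attempt limit that is tied to the account being recovered and shared by every front end that serves the reset flow, so a second hostname cannot bypass it. The following verifier is an added illustration written for this post, not Facebook's code; the limit of 10 attempts, the 15-minute lockout and the 10-minute code lifetime are assumed values.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 10           # assumption: about the limit www.facebook.com enforced
LOCKOUT_SECONDS = 15 * 60   # assumption: how long an account stays locked
CODE_TTL_SECONDS = 10 * 60  # assumption: how long an issued code stays valid


class ResetCodeVerifier:
    """Checks 6-digit password-reset codes with a per-account attempt limit.

    All state is keyed by the account identifier alone. The hostname the
    request arrived on (www, beta, mbasic.beta, ...) is never part of the key,
    so every front end shares one failure counter and one lock.
    """

    def __init__(self, now=time.time):
        self.now = now
        self._codes = {}   # account -> [code, issued_at, failures]
        self._locks = {}   # account -> locked_until (epoch seconds)

    def issue_code(self, account):
        """Generate a fresh 6-digit code from a CSPRNG and reset the failure count."""
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._codes[account] = [code, self.now(), 0]
        return code

    def verify(self, account, submitted, host="www"):
        """Return 'ok', 'invalid' or 'locked'. `host` is informational only."""
        if self.now() < self._locks.get(account, 0.0):
            return "locked"
        entry = self._codes.get(account)
        if entry is None or self.now() - entry[1] > CODE_TTL_SECONDS:
            self._codes.pop(account, None)
            return "invalid"
        # constant-time comparison so response timing does not reveal matching digits
        if hmac.compare_digest(entry[0], submitted):
            del self._codes[account]          # a code is single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            # lock the account and discard the code, so guessing cannot simply
            # resume against the same code once the lock expires
            del self._codes[account]
            self._locks[account] = self.now() + LOCKOUT_SECONDS
            return "locked"
        return "invalid"
```

In a real deployment the counters and locks would live in shared storage behind all hosts rather than in process memory; the keying rule is what matters.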

