Spoof anyone and post anything to a Facebook group
July 6th, 2017 | No Comments
STAFF REPORT: *An issue is found in Facebook groups, which enable anyone to post anything on behalf of any group member in a Facebook group. The consequences in lieu of current Cybercrime bill of Pakistan can land anyone in jail or sentenced to death.According to details, most recently a Pakistan IT expert Zahid Ali found a glitch in Facebook group area where anyone can post anything either illicit or blasphemous material on behalf of any group member in a Facebook group.
Highlighting the issue to media Zahid Ali told, “I was looking for some other ways to post in Facebook groups which landed me to a certain link; that enabled me to post anything on behalf of any group member. So, it is easy to manipulate the account of any group member, which may cause not only reputation loss but also a threat to that member life.”
Facebook groups are one of the most popular features where members can comment and like posts, so it’s easy to discuss anything with just the people they want. There have been instances where such discussions have landed people in jail.
“That being the case, what if I could post something on behalf of you in a Facebook group? Well, the after effect depends on what I post on your behalf, doesn’t it? Apparently, there existed a vulnerability which could let you spoof anyone and post anything to a Facebook group”, Zahid Ali added.
“The only catch here was that you should be knowing the email address to spoof a member of a group. But there was a way around for this as well”, he further added.
Facebook has fixed the bug immediately, but that cost them 7500 USD, which is a Bounty Award to Zahid Ali by Facebook.
Published in: Volume 08 Issue 28
Short Link: https://www.technologytimes.pk/?p=17310