The web developer from India Laxman Muthiyah discovered the simplest way to delete any photo on the social network Facebook✴. To do this, he needed a mobile client for Android, Facebook✴ Graph API and four lines of code. The vulnerability was found when using Graph API — Functions that allows you to receive and upload user data, and an access marker (Access Token) Facebook✴ For Android — Line of characters that give the application access to the user profile. The code that makes it possible to delete any photo was only four lines.
Having discovered vulnerability, Laxman contacted Facebook✴ And within 12 hours the error was eliminated, and the programmer himself was paid a reward of $ 12,500. However, many observers notice that the social network has become fertilized and the amount of remuneration could be larger, in addition, Laxman could become a valuable addition to the team responsible for security on Facebook✴.
Source:
- Quartz