A Not Valid Bug That Led Us to Multiple Valid Reports in Facebook



I’m here again to share my 2nd and 3rd valid reports. They are all about page admin disclosure in Facebook Lite. In my initial report, the Facebook security team said it was not valid because my initial report was admin disclosure through reaction. When I created a post and clicked "View Post", then tried to react to my own post or to any random comment on my new post, my personal account was shown as the one who reacted instead of my page. The Facebook security team clarified that anyone can react to any public post/comment, so it's hard to identify that it's from the admin of the page.

After a few days I found a bug related to my last report. With all the same procedure, the comment section can disclose the admin's personal account. Without any sign that you're interacting with your page as your profile, your personal account interacts with the page. So I opened my last report to discuss my concern, and they easily identified what it was.

When an admin clicks "View Post", they're interacting with the page as a follower, so when they want to comment something, their personal identity interacts with the page.

//Now they removed that "View Post" thingy

First PoC (Not Valid)

Second PoC (Valid)
