Man Receives $10,000 For Finding A Way To Delete Any Facebook Video

Imagine that your friend uploaded a video about you and your friend's stellar drunken adventures on Facebook. You are sure it would leave you looking bad. You want to have that video erased from history. Here's the problem, it was not your upload, so it sits on Facebook for future views, likes, and shares.

Here comes Dan Melamed, a security researcher who found a simple and smart way to delete any video he wanted out on Facebook. The hack which was discovered back in June 2016 involves intercepting a piece of visible URL.

According to a Monday blog post by Melamed, the vulnerability is the same with another bug that can delete user videos discovered by an Indian security researcher and penetration tester named Pranav Hivarekar.

The security researcher further explains in his blog how to exploit the video deletion flaw. First, the hacker must either visit or make a public event page. Afterward, you visit the Discussion tab and create an event post by uploading a photo or video.

The post request which looks like this: "https://www.facebook.com/media/upload/photos/composer/?av=&dpr=1". The post request for the upload will need interception. You can then replace the video ID with any video on Facebook in the vulnerable parameter called "composer_ unpublished_ photo[0]=

The server then states the content is no longer available, but the video will still be attached to the event post made. After refreshing the Events Discussion page, you can now delete the post. A dialog box will appear saying: "You are about to delete this post. The video will also be removed from Photos and Videos." The video will then be deleted after 20 to 30 seconds after you confirm the deletion.

Melamed created a video demonstration of the hack and sent it to Facebook. The demo was confirmed to have already been deleted by July 1, 2016, but a video demo of the hack has been attached in his recent blog post. By July 15, Melamed collected a good 10,000 USD bounty from Facebook.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Facebook

More from iTechPost

Real Time Analytics