Home Cyber Attack Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability

Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability

by Abeerah Hashim
Facebook Account Takeover Vulnerabilities

Facebook is already going through tough times since Cambridge Analytica scandal. Nonetheless, their vigilance towards the security of their platform comes in as good news for bug bounty hunters. Particularly, after this report, many bug bounty hunters would be happy to find vulnerabilities in the Facebook platform. A hacker has discovered a critical CSRF vulnerability that made Facebook accounts vulnerable to attack. Facebook acknowledged his effort with a $25,000 bounty.

Critical CSRF Vulnerability Discovered In Facebook

Recently, a bug bounty hunter Youssef Sammouda found a critical cross-site request forgery bug in the Facebook platform. This CSRF vulnerability could allow an attacker to take over accounts effortlessly.

Sammouda has elaborated the details of his findings in a blog post. Explaining about the flaw, he wrote,

“This is possible because of a vulnerable endpoint which takes another given Facebook endpoint selected by the attacker along with the parameters and make a POST request to that endpoint after adding the fb_dtsg parameter.”

The vulnerable endpoint, as highlighted, was https://www.facebook.com/comet/dialog_DONOTUSE/?url=XXXX. Here, XXXX denotes the parameter serving for the POST request.

According to Sammouda, the vulnerability existed in the endpoint located under the domain “www.facebook.com”. Thus, it became easier for a potential attacker to exploit the flaw. An attacker could simply hijack Facebook accounts by simply tricking the victims to click on a malicious link.

In fact, the hacker himself has demonstrated a range of functions he could perform by exploiting this link. This includes making a timeline post, deleting profile picture, or even tricking the user to delete the account.

Demonstrating the exploit further, he explained that the same link could be used to take over accounts. All it required was adding a new phone number and email address to the target account.

Facebook Awarded $25000 Bounty

Perhaps, winning a hefty amount of $25000 as bounty for reporting a single bug is not easy. However, it seems Facebook has realized the critical nature of the vulnerability Sammouda reported. As he wrote in his blog, the vulnerability could let an attacker take over any random account.

“The attack seems long but it’s done in a blink of an eye and it’s dangerous because it doesn’t target a specific user but anyone who visits the link”

In simple words, this CSRF vulnerability had put almost all Facebook accounts on the verge of hacking. Thanks to Sammouda that he promptly reported the flaw to Facebook. Also, Facebook acted quickly to fix the flaw within five days from the initial report.

Although, the recent report highlights a critical security flaw that Facebook patched in time. However, it isn’t the first instance where Facebook had to deal with a critical vulnerability. Last year, we heard of numerous instances, where Facebook bugs exposed users’ photos and triggered account hacks in millions.

You may also like