Palestinian Hacker ‘Khalil Shreateh’ Found a Vulnerability in Facebook That Allowed Him to Post on Mark Zuckerberg’s Timeline

Every profile holder on Facebook has privacy settings that control who may post on their timeline: friends, the public, or no one. This vulnerability allowed the hacker to bypass the privacy settings of any Facebook user, friend or non-friend, and post on their timeline.

The Facebook team was not able to recognize the critical vulnerability after three consecutive tries, when the hacker first posted on the timeline of ‘Sarah Gooden’, who was in college with Mark Zuckerberg. They replied, “Sorry, this is not a bug.”

This video by the hacker shows how he managed to post on the timeline of a non-friend:


Finally, this forced the hacker to post the vulnerability details on the timeline of Facebook CEO Mark Zuckerberg. The reported vulnerability was in a file named ‘composer.php’.
A Facebook security engineer then responded to the hacker, asking for the details of the vulnerability. After receiving the information about the third bug, they were able to find the vulnerability and fix it.

The hacker was not chosen for the Facebook bug bounty program, the Facebook security engineer said, because he had violated Facebook’s security terms and conditions.

At the time of writing this article, the timeline post had been removed from Zuckerberg’s wall and the vulnerability had been fixed.

