Hi,
I would like to share one of Logical Bug in facebookgroups. The bug I found was too simple to exploit but it had a great Impact.
[#] Title: Logical bug on facebook group.
[#] Worth: $2000 USD
[#] Status: Fixed
[#] Severity : I don’t know :p
[#] Author: Manjesh S
[#] Twitter: @Manjesh24
Description:
If you are the admin of the group you can remove the users, add users, edit/delete posts etc..
But if you make a attacker admin then he also gets the same admin rights, The problem is you cannot remove the attacker from the group using this bug..
Không có nhận xét nào:
Đăng nhận xét