A severe protection imperfection impacted the Facebook Post Page function
… that might possibly cause a mess for the admins. As revealed, exploiting this Facebook Page susceptability could enable a foe to produce undetectable posts on the target web pages.
“This change refined perfectly, where Facebook already considered the researcher to have an advertiser function on the target web page. As stated in the article, Transforming page_id prior to saving the mockup in Graphql demand and then returning the sharable web link for it, offers us the capacity to create a message on any page. All we need to do is to discover the post_id that exists on any kind of advertisement sneak peek endpoints.”
Facebook Granted $30K Bounty
As disclosed, manipulating this Facebook Page vulnerability could allow a foe to develop invisible blog posts on the target pages. Facebook Web page Susceptability Safety and security researcher Pouya Darabi has lately shared his findings relating to a significant protection vulnerability targeting the Facebook Web page function. The bug allowed a possible opponent to develop a post that would allegedly originate from the target Facebook Web page. As stated in the article, Changing page_id prior to conserving the mockup in Graphql demand and then obtaining back the sharable web link for it, provides us the ability to produce a blog post on any type of web page.