Deleting Anyone's Video Poll | Bugreader
Author: Dan Melamed
Published On: 25 Apr 2020
Type: IDOR | Target: Facebook | Category: Web | Severity: MEDIUM | Status: VALID

Summary
An IDOR vulnerability in Facebook's video poll feature allowed an attacker to delete polls from other users' videos by manipulating the deleted_poll_ids parameter in the POST request sent to the video editing endpoint.

Description
I have discovered a vulnerability in Facebook's new feature that allows you to add a poll to a Facebook video.

Impact
By exploiting this vulnerability, an attacker can delete a poll that belongs to another user's video without authorization.

Reproduction Steps
Step 1: Upload a video to a Facebook page.
Step 2: In the video editing page, go to the Polls tab and choose to create a new poll. Then submit the video.
Step 3: Go back and edit the video. Delete a poll and, before hitting Save, intercept the request with a tool such as Burp Suite.
Step 4: A POST request will be sent to /video/edit/dialog/save/?v=(VIDEO ID)&av=(PAGE ID)
Step 5: The vulnerable parameter in this POST request is: deleted_poll_ids[0] = (POLL ID)
Step 6: Replace your (POLL ID) with the victim's video poll id.
Step 7: Submit the request. The poll is now successfully deleted from the victim's video.

Timeline
01 Nov 2018 - Dan - Initial Report
02 Nov 2018 - Facebook - Reproduced and Triaged
06 Nov 2018 - Facebook - Fixed
06 Nov 2018 - Facebook - Bounty Awarded
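The root cause described above is that the save endpoint checked that the actor owned the video being edited, but not that each ID in deleted_poll_ids belonged to that video. The following is an added example, not Facebook's code or the author's: a minimal in-memory model of such a save handler, with the missing poll-to-video ownership check beside the original behaviour. All identifiers (page-attacker, vid-victim, poll-victim, and so on), the data store and the function names are constructed for illustration.

```python
# Added example: a toy model of a "save video edit" handler that accepts a list
# of poll IDs to delete. The data store, identifiers and function names are
# constructed assumptions for illustration, not Facebook's implementation.
from dataclasses import dataclass, field


@dataclass
class Video:
    video_id: str
    owner_page_id: str


@dataclass
class Poll:
    poll_id: str
    video_id: str  # the video this poll is attached to


@dataclass
class Store:
    videos: dict = field(default_factory=dict)
    polls: dict = field(default_factory=dict)


def sample_store() -> Store:
    """Constructed sample data: two pages, each owning one video with one poll."""
    s = Store()
    s.videos["vid-attacker"] = Video("vid-attacker", "page-attacker")
    s.videos["vid-victim"] = Video("vid-victim", "page-victim")
    s.polls["poll-attacker"] = Poll("poll-attacker", "vid-attacker")
    s.polls["poll-victim"] = Poll("poll-victim", "vid-victim")
    return s


def save_video_edit_vulnerable(store, actor_page_id, video_id, deleted_poll_ids):
    """Mirrors the reported bug: the actor must own the video being edited,
    but every poll ID the client sends is deleted without checking that the
    poll actually belongs to that video."""
    video = store.videos.get(video_id)
    if video is None or video.owner_page_id != actor_page_id:
        return {"ok": False, "deleted": [], "rejected": list(deleted_poll_ids)}
    deleted = []
    for pid in deleted_poll_ids:
        if pid in store.polls:
            del store.polls[pid]
            deleted.append(pid)
    return {"ok": True, "deleted": deleted, "rejected": []}


def save_video_edit_fixed(store, actor_page_id, video_id, deleted_poll_ids):
    """Same handler with the object-level check: each poll must be attached to
    the video named in the request (whose ownership was already verified)."""
    video = store.videos.get(video_id)
    if video is None or video.owner_page_id != actor_page_id:
        return {"ok": False, "deleted": [], "rejected": list(deleted_poll_ids)}
    # Validate the whole batch before mutating anything, so one foreign ID
    # rejects the request instead of leaving it partially applied.
    rejected = [
        pid for pid in deleted_poll_ids
        if pid not in store.polls or store.polls[pid].video_id != video_id
    ]
    if rejected:
        return {"ok": False, "deleted": [], "rejected": rejected}
    for pid in deleted_poll_ids:
        del store.polls[pid]
    return {"ok": True, "deleted": list(deleted_poll_ids), "rejected": []}


if __name__ == "__main__":
    # The attacker edits their own video but names the victim's poll ID.
    store = sample_store()
    print(save_video_edit_vulnerable(store, "page-attacker", "vid-attacker", ["poll-victim"]))
    store = sample_store()
    print(save_video_edit_fixed(store, "page-attacker", "vid-attacker", ["poll-victim"]))
```

The fixed handler resolves authorization per object rather than per request: owning the video named in the URL is necessary but not sufficient, and every child identifier in the body is checked against the same parent before any write. A rejected batch is also a useful signal for detection, since a legitimate client never sends poll IDs that belong to a different video.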