Facebook privacy bug allowed Palestinian Researcher post vulnerability details on Zuckerberg wall

Khalil Shreateh - A Palestinian web developer and information system expert found a facebook vulnerability that allow any one to post on someone’s wall without any permission. Facebook Security team failed to recognize the critical bug which prompted Khalil to post vulnerability details on Mark Zuckerberg (Facebook CEO) wall successfully as a proof of concept.

facebook bug exploit zuckerberg

The vulnerability allows any Facebook user to post anything on the walls of other users - even if those users are not included in their friends list. He reported the vulnerability to Facebook whitehat team. However, the social network’s security team failed to acknowledge the bug and responded to the Khalil’s report that “Sorry, this is not a bug”.

After posting on Mark Zuckerber’s timeline, facebook blocked his account for violating terms of service and He wont be paid for reporting it because his actions violated the terms and conditions.

Mr. Khalil also posted a video on Sarah Goodin wall who studied at the same college as Facebook CEO Mark Zuckerberg,

Sara Goodin

In the latest reply, Facebook restored Khalil’s account but no bug bounty of the reported bug.

email