Tuesday, November 4, 2014

How I made 500 USD by reporting a logical security bug under Facebook Whitehat Reward programme

Hi friends, I want to share with you a very simple, tricky bug for which I was awarded a bounty by Facebook. To earn a Facebook bug bounty you do not need in-depth hacking knowledge; common sense and logical bugs can help you find security issues that you can cash in on.

Now to the bug description. If you navigate to https://www.facebook.com/help/www/220336891328465 you can see the various privacy options for Groups on Facebook: Open, Closed and Secret. As per the policy for a "Secret" group, only members of that group can see the "Group Name", "Group Description" and "Group tags". But when I investigated this functionality I found that even members who had been removed from the "Secret" group, i.e. former members, were still able to see the "Group Name", "Group Description" and "Group tags". Hence this breached the policy set up for the "Secret" group.

I reported this issue to Facebook security via https://www.facebook.com/whitehat/report/ on 5 Dec 2013, and I got a reply from a security researcher named Emrakul, who confirmed the report. Finally, a security researcher named Godot confirmed that the issue had been fixed and asked me to verify. Here the Facebook security team did not make any changes to the code; instead they chose to amend the wording at https://www.facebook.com/help/www/220336891328465 to say that even former members can see those details.

Coming to the best part, I was awarded 500 USD for reporting this. So keep hunting, guys; we can all find logical bugs.
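The gap described above, between the documented "Secret" group policy and what a removed member could still see, is the kind of drift a policy-versus-behaviour audit catches. The following is an added example, not Facebook's code and not part of the original post; the `Group` model, the `ever_joined` flaw, and every name and value in it are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

SECRET_FIELDS = ("name", "description", "tags")
# Documented policy from the post: only current members see these fields.
DOCUMENTED = {"member": True, "former_member": False, "non_member": False}

@dataclass
class Group:  # hypothetical model, not Facebook's data structure
    name: str
    description: str
    tags: tuple
    members: set = field(default_factory=set)
    ever_joined: set = field(default_factory=set)  # history, kept after removal

    def add(self, user):
        self.members.add(user)
        self.ever_joined.add(user)

    def remove(self, user):
        self.members.discard(user)  # history entry intentionally remains

def visible_flawed(group, user):
    # Assumed flaw: authorizes on join history instead of live membership.
    allowed = user in group.ever_joined
    return {f: getattr(group, f) for f in SECRET_FIELDS} if allowed else {}

def visible_strict(group, user):
    # Authorizes on current membership only, matching DOCUMENTED.
    allowed = user in group.members
    return {f: getattr(group, f) for f in SECRET_FIELDS} if allowed else {}

def audit(visible):
    """Return [(relationship, fields)] where behaviour departs from DOCUMENTED."""
    g = Group("constructed name", "constructed description", ("constructed-tag",))
    g.add("alice"); g.add("bob"); g.remove("bob")
    who = {"member": "alice", "former_member": "bob", "non_member": "carol"}
    findings = []
    for rel, user in who.items():
        seen = sorted(visible(g, user))
        expected = sorted(SECRET_FIELDS) if DOCUMENTED[rel] else []
        if seen != expected:
            findings.append((rel, seen))
    return findings

if __name__ == "__main__":
    print("flawed:", audit(visible_flawed))
    print("strict:", audit(visible_strict))
```

A finding from such an audit can be closed either by changing the check or by changing the documented policy; the post reports that the help page wording was amended.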

Wednesday, November 2, 2011

Ethical Hacking

Hacking is the most toxic and I would say most addictive game on the planet. But hacking doesn't have to mean breaking laws or breaking into others' systems. What I am talking about is hacking as a healthy recreation, and as a free education that can qualify you to get a high-paying job in the field of network security. In fact, many network systems administrators, computer scientists and computer security experts first learned their professions in the hacker culture.

And -- hacking can be surprisingly easy. Heck, if I can do it, anyone can!
Regardless of why you want to be a hacker, it is definitely a way to have fun, impress your friends, and get dates.
Want more... Read the pages on this blog.