Specialist in IT-security Arul Kumar of India found a critical vulnerability in Facebook Support Dashboard that allowed to delete photos that belong to other users. According to Kumar, the “hole” can be operated in any browser, any version, but the easiest way – using a mobile platform.
One of the functions of Support Dashboard – send requests to remove custom images. Recipients of the request could be a social network administrators and users themselves, post pictures.
Kumar found that by using certain manipulations can change the Photo_id and Profile_id, reports ZDNet . They are used to generate reports which contains a reference to a command that removes photos. Substituting the appropriate values, the hacker was able to send a link command to delete the photos of his accomplice.
Facebook recognized the critical vulnerabilities found and Kumar was paid $12,500 for its detection.