Facebook is the largest social network ever known on the internet, People are using Facebook for contacting friends, Family and sometimes for Work!
When it comes to Work that means an important notifications from your company’s page, work account, work admins, business accounts, etc…
One of Seekurity team members discovered a vulnerability that could easily spam any of friends accounts notifications results in missing a lot of other important notification because of the fact that facebook only stores the last 99 notification items!
The reproduction steps as follow:
1- User A sends a movie recommendation to User B
2- User B Respond to the request, select a movie and tamper the request then send it
3- User B re-send the request many times so User A will be bombed with a recommendation notifications
– User A has nothing to do to stop such attacks except blocking User B
-Facebook Backend has a glitch that User A sent a recommendation and when User B responded to it, the backend forgot to delete the las recommendation request.
[*] PoC Video:
Building a website? Or already built a one? Think twice before going public and let us protect your business!