Facebook corrects a flaw that allowed removing the photos of other users

Facebook has paid $ 12,500 to a security researcher in India for the discovery of a flaw that allows an attacker, through the identification of a photo and easily delete a photo. Unlike Palestinian hacker Khalil Shreateh, Arul Kumar has received a reward, 12,500 dollars, from Facebook to the discovery and disclosure of a security lapse on the site. The security researcher has discovered on the social network, and more specifically in the setup menus (Support Dashboard), a critical bug. The attack was done from the Facebook menu to send a request to withdraw a photograph published on the social network. These requests can be sent to Facebook or directly to the owner of the image. The process automatically generates a link, which if clicked then automatically generates the suppression of the image. Arul Kumar had found a way to send the request to another recipient and could remove at will and photos on the social network. For this, the attacker needed the id of the photo and the user ID (available on the Facebook Graph). The flaw in it has been corrected by Facebook's security team, and therefore rewarded Arul Kumar.