You can find serious bugs that you can use to delete someone's photos without permission on Facebook


ByMaster OSM 2011

A fatal bug that "Third parties without a stranger can easily delete all the pictures in the album" was found on Facebook.

7xter: How I Hacked Your Facebook Photos
http://www.7xter.com/2015/02/how-i-hacked-your-facebook-photos.html

Facebook Graph API Bug Exposes Vulnerability | ProgrammableWeb
http://www.programmableweb.com/news/facebook-graph-api-bug-exposes-vulnerability/2015/02/12

Laxman MuthiyahNoticed that the Graph API did not authenticate the user when trying out the access token of Facebook Graph API trying to delete the photo file in the album. This means that if you issue a request to delete an album with the Graph API, everyone was in a state to delete all the pictures in others' albums.


If a malicious user had found it, it was a fatal bug that Facebook photograph data could be buried up in the end, but by contact from Muthiyah, we have dealt with now.

In addition, Muthiyah received a bribe of $ 12,500 (about 1.5 million yen) by reporting this bug.

in Note,   Web Service, Posted by darkhorse_log