Facebook error allows anyone to delete your photo

If you are thinking that a website worth more than $ 500 billion will not have any vulnerabilities, you are wrong.

Pouya Darabi - Iran's web developer discovered and reported a simple but quite important vulnerability on Facebook earlier this month that could allow anyone to delete your photos on this social networking platform.

This vulnerability is included in Facebook's new Poll (Facebook poll poll) feature, which includes normal images and GIF animations.

1. Find out about the Explore Feed feature on Facebook
2. 10 ways to access Facebook and websites that cannot access

Darabi analyzed this feature and found that when creating a new poll, anyone can easily replace the image ID (or gif URL) in the request to send to the Facebook server with a photo ID. photos of any photo on social networks.

Facebook error allows anyone to delete your photo Picture 1

After sending a request with another user's image ID (uploaded by another person), that image will appear in the poll. Darabi said: Whenever a user creates a poll, the request contains a gif URL or image ID that will be sent, poll_question_data [options] [] [associated_image_id] containing the image ID will be uploaded.

">

Obviously, if the poll creator deleted the post, as shown in the video above, it will also delete the source image even if the poll creator does not own the image.

The researcher also said he had received $ 10,000 in bonuses from Facebook after reporting the vulnerability on November 3 and Facebook quickly patched the flaw.

This is not the first time Facebook has encountered this problem. Previously, researchers discovered and reported a number of vulnerabilities that allowed them to delete videos, photo albums, comment and modify messages from this social networking platform.