HOW I WAS ABLE TO TAKE OVER A FACEBOOK ACCOUNT | Bug Bounty PoC
Hey all, Ameer Hamza here. Facebook has recently introduced a login-with-phone feature for when you have forgotten your password. However, I was able to exploit it, which leads to access to the Facebook account. The login-with-phone button pops up a QR code to scan:
So I thought, why not try to break it?
First, I tried to decode the QR code using QrCode Decoder. Here is what I got:
Open the URL. These are the options I got:
Just capture the request and send it to Repeater, while dropping the request too so that the code doesn’t expire. I changed the fb_dtsg value to AQG8uIRB5b_U:AQHYfzdc7AB from AQG8uIRB5b_U:AQHYfzdc7VMV and it just got accepted! 😀 (no screenshot available -_-)
Without thinking for long, I created a CSRF form:
Shit! The request got aborted :/
To understand everything the QR code does, I monitored all the requests again, and after 2 to 3 hours of brainfuc*k I came to know that it’s important for the victim to open the link first so that the FB server detects it as scanning the QR code. I quickly made the CSRF form again:
And here comes the response 😀:
I was like :
Tested it on 2-3 accounts, and hopefully this bug was legit! And here is the PoC I made:
After three days of waiting and 4 “any update?” replies, this got duplicated 🙁:
Bug: The QR code’s “allow login / I wasn’t trying to login” form was vulnerable to CSRF
Impact: This security issue lets any attacker gain access to the victim’s account.
Reward : n/a
That’s all, fellas! Hope you enjoyed my write-up. Thanks to Muhammad Khizer Javed.
Best Regards, Ameer Hamza
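The write-up reports that a modified fb_dtsg value was accepted and that the login approval form was open to CSRF. The sketch below is an added example, not part of the original post and not Facebook's code, of the server-side checks whose absence produces that behaviour. The token format, `approve_qr_login`, and the field names `csrf_token` and `login_code` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret key


def _mac(session_id: str, nonce: str) -> bytes:
    """HMAC over session id and nonce, so a token is valid for one session only."""
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_csrf_token(session_id: str) -> str:
    """Token layout (constructed for this example): nonce:hex_mac."""
    nonce = secrets.token_urlsafe(9)
    return f"{nonce}:{_mac(session_id, nonce).decode()}"


def csrf_token_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, supplied = token.partition(":")
    if not sep or not nonce or not supplied:
        return False
    return hmac.compare_digest(_mac(session_id, nonce), supplied.encode())


def approve_qr_login(session_id: str, form: dict, pending: dict) -> str:
    """Hypothetical handler for the 'allow login' step of a QR login flow."""
    # 1. A cross-site form cannot read the victim's token, so it fails here.
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return "rejected: bad csrf token"
    # 2. Only the session that scanned the code may approve that login request.
    request = pending.get(form.get("login_code"))
    if request is None or request["scanned_by"] != session_id:
        return "rejected: unknown login request"
    request["approved"] = True
    return "approved"
```
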
I’m confused… you have to already have access to the account in order to get the QR code, so what exactly was the attack here? You used the login to login to an account you already had access to?
Good job man
I reported it last month, that’s why you got it as a duplicate. Anyway, nice blog.