Linux Security Blog

, , , , , , , ,

By

QuBits

·

Spamming Facebook Messages

We have reported this bug to Facebook and they replied asking “How is this different than hitting the message button?” If you want to spam everyone in the World that uses Facebook, it’s quite easy to do. Their code uses a numeric value. This is a spammers delight and Facebook just dismissed it. Step 1:…

We have reported this bug to Facebook and they replied asking “How is this different than hitting the message button?”

If you want to spam everyone in the World that uses Facebook, it’s quite easy to do. Their code uses a numeric value.

This is a spammers delight and Facebook just dismissed it.

Step 1:

Go to anyone’s Facebook profile.

Step 2:

Right click on the message button.

mess

Step 3:

Navigate to “Inspect”

If you have developer tools enabled you should see the code that Facebook has written.

The small bit of code we are interested in is hard to see in this batch of code, but to the hackers eye we can see one flaw.
id
id2

Changing the ID lets you message whoever that ID is.

Enumerate that with a little script, you can message everyone on Facebook.

banner111

This can be used to propagate propaganda to users of the platform and is extremely dangerous.

This post is for educational purposes only, we do not condone anyone hacking any website.

Qubits January 3-2018

Updated 2018-04-11

bits

Tags:

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.