Spamming Facebook Messages

We have reported this bug to Facebook and they replied asking “How is this different than hitting the message button?”

If you want to spam everyone in the World that uses Facebook, it’s quite easy to do. Their code uses a numeric value.

This is a spammers delight and Facebook just dismissed it.

Step 1:

Go to anyone’s Facebook profile.

Step 2:

Right click on the message button.

mess

Step 3:

Navigate to “Inspect”

If you have developer tools enabled you should see the code that Facebook has written.

The small bit of code we are interested in is hard to see in this batch of code, but to the hackers eye we can see one flaw.
id
id2

Changing the ID lets you message whoever that ID is.

Enumerate that with a little script, you can message everyone on Facebook.

banner111

This can be used to propagate propaganda to users of the platform and is extremely dangerous.

This post is for educational purposes only, we do not condone anyone hacking any website.

Qubits January 3-2018

Updated 2018-04-11

bits

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.