A security researcher has discovered a critical vulnerability in Facebook that could allow attackers to delete any video of the social networking site shared by anyone on their wall.
The flaw has been discovered by security researcher Dan Melamed in June 2016, allowing him not only to remotely delete any video on Facebook shared by anyone without having any permission or authentication but also to disable commenting on the video of your choice.
Here’s how to exploit this flaw: In order to exploit this vulnerability, Melamed first created a public event on the Facebook page and uploaded a video on the Discussion part of the event.
While uploading the video, the researcher tampered the POST request using Fiddler and then replace the Video ID value of his video with Video ID value of any other video on the social media platform.
Although Facebook responded to this issue with a server error, i.e. “This content is no longer available,” but the new video was successfully got posted and displayed just fine. Continue reading