How did i find information Disclosure on Facebook-Writeup June 20, 2020
GeneralResearcheszero-day
fbug

Hello everyone, This is my first writeup about the bug that I found on Facebook back on 3/1/2018.

 

So, I wasn’t interested in Facebook bug bounty program for a while since I was so busy with my highschool exams back in 2018, I just wanted to collect some information about some users, and to know the methods to do that.

 

However, I started to copy the usernames of some users and to move to the login page, then trying to do forget password and click I have no access to my email.

 

So I get after that in some users an option to try to recover the account using my trusted friends!

 

Okay so for example when I try that it sends me to this page :

https://www.facebook.com/recover/trusted?cp=5bafbd0f%40mozej.com&ntplr=0

 

 

and it asks me to enter the names for 3 trusted friends.

 

so without sending the request to the burp suite, without thinking too much, I said  ntplr=0 hmm?

 

Let’s try to put 1 so it will be ntplr=1 😀

guess what? yeah, it worked I can see the trusted friends now for an account in the Facebook, even if the account doesn’t use the trusted friends feature I’m able to see the most 5 friends the user talk to them using the messenger.

so I was like :

 

fbug

 

So as you can see in this screenshot, the GET parameter [ntplr] was vulnerable!, if you set it to 1 it will disclosure the target information for you, and I was able to write an exploit tool using python to retrieve any user trusted friends for me just by entering the user id, and it’s doing that just by replacing the user id in the session.

 

I have rewarded a bounty of 1500$ and my name in the Facebook hall of fame for 2018.

 

 

So, my advice to you here, don’t give up, don’t listen to anyone that could frustrate your spirits, Always focus the smallest things here might matter for you .. I found this bug in 15 minutes only, you might say, whoa what the hick, how lucky this guy is! well guess what even if you’re lucky the vulnerability will not popup by itself to you while you’re playing or not trying, you’ll find it while you’re trying so here it’s not luck .. It’s just you trying your best.

so as I always say:

  surmount the peak

 

Thanks for reading 😀 .. if you have any question do not hesitate to ask me on Facebook

 

With kind Regards.

Alaa Abdulridha on EmailAlaa Abdulridha on FacebookAlaa Abdulridha on GithubAlaa Abdulridha on InstagramAlaa Abdulridha on LinkedinAlaa Abdulridha on Twitter
Alaa Abdulridha
My name is Alaa Abdulridha I'm a computer engineering student and cybersecurity researcher I'm interested in web application pen-testing and game development, also I'm interested in some bug bounty programs, I like a lot of things such as reverse engineering, reading the others code to learn and then to find my own exploits and teaching it to you, Do you want to know more about me? Click Here.