Dec 30, 2020

Introduction

Hello Everyone, This is my first ever bug that i have found on Facebook. Initially i don’t know anything about bug bounty and cybersecurity. One day i just scrolled the Facebook news feed and I saw the post of Saugat Pokharel brother about the Acknowledged By Facebook Security Team and I quickly text him. He shares something useful tips to me due to which i got my first ever Bounty from Facebook.

Explanation of issue

Now, Let me explain the issue. Once i was testing some LiveStream Feature in Facebook for iOS. In iOS there is option to switch voice as a Page in other Posts and I quickly go to other Page LiveStream and Switch voice as a Page and Comment there then it is posted as a Page Name it works fine till that time. When i try to reply Someone’s Comments it is attributed as Admin’s Personal Identity which is unlikely to happen. I quickly reported this issue to Facebook Security Team.

Proof of Concept

Once reported, they acknowledged my report,they fixed the issue, I found fix bypass of the issue and finally rewarded me with bounty.

Message From Facebook Security Team

Timeline of Report

June 7, 2020: Initial Report Sent

June 19, 2020: Pre-Triaged (After Several Discussion)

June 23, 2020: Triaged

July 2, 2020: Confirmation of Fix and Bounty Awarded ($500)

July 16, 2020: Bypass Sent

July 23, 2020: Pre-Triaged

September 8, 2020: Triaged

September 24, 2020: Confirmation of Fix and Fix Confirm from My Side

October 1, 2020: Bounty Awarded ($500)

Thank you for taking the time to read my article. Have a great day! You can follow me on Facebook or Twitter if you would like to stay connected with me.


Tags: Bugbounty Facebook FacebookBugBounty Writeup

Contact Me

Feel free to contact me

Any message you want to leave?

Address
Chitwan,Nepal
Phone
+9779845953745