Dec 30, 2020
Hello Everyone, This is my first ever bug that i have found on Facebook. Initially i don’t know anything about bug bounty and cybersecurity. One day i just scrolled the Facebook news feed and I saw the post of Saugat Pokharel brother about the Acknowledged By Facebook Security Team and I quickly text him. He shares something useful tips to me due to which i got my first ever Bounty from Facebook.
Explanation of issue
Now, Let me explain the issue. Once i was testing some LiveStream Feature in Facebook for iOS. In iOS there is option to switch voice as a Page in other Posts and I quickly go to other Page LiveStream and Switch voice as a Page and Comment there then it is posted as a Page Name it works fine till that time. When i try to reply Someone’s Comments it is attributed as Admin’s Personal Identity which is unlikely to happen. I quickly reported this issue to Facebook Security Team.
Proof of Concept
Once reported, they acknowledged my report,they fixed the issue, I found fix bypass of the issue and finally rewarded me with bounty.
Timeline of Report
June 7, 2020: Initial Report Sent
June 19, 2020: Pre-Triaged (After Several Discussion)
June 23, 2020: Triaged
July 2, 2020: Confirmation of Fix and Bounty Awarded ($500)
July 16, 2020: Bypass Sent
July 23, 2020: Pre-Triaged
September 8, 2020: Triaged
September 24, 2020: Confirmation of Fix and Fix Confirm from My Side
October 1, 2020: Bounty Awarded ($500)