Jan 22, 2021

Introduction

Hello Everyone, I am Prakash Panta From Bharatpur Nepal. Today i will tell you about my 3rd valid bug on Facebook. Let’s get started.

Explanation of Issue

I noticed that when someone’s comments in the Page post admin gets notification. Once i click that notification it will redirected to the Page Post where the comments was made. I tried to reply that comment, Sadly comment was attributed as Page.

Again i logged in my another account and comment in that post and reply my own comment from another account. I quickly logged in Page Admin Account, it shows someone is replied to this comments. So i quickly tap that notification and it redirected to that comment, I replied there. Surprisingly Comment was attributed as Page Admin Personal Profile.

Once reported, they acknowledged my report,they rewarded me with bounty and finally they fix the issue.

Message From Facebook Security Team

Proof of Concept

Timeline of Report

June 17, 2020: Report Sent

June 23, 2020: Not Reproduced and more info sent

June 26, 2020: Pre-Triaged

June 27, 2020: Triaged

August 28, 2020: Bounty Awarded

January 22, 2021: Confirmation of Fix and Fix Confirm from my side

Thank you for taking the time to read my article. Have a great day!
You can follow me on Facebook or Twitter if you would like to stay connected with me.


Tags: bugbounty bugbountywriteup writeup Facebookbugbounty Facebook Infosec Facebookbug

Contact Me

Feel free to contact me

Any message you want to leave?

Address
Chitwan,Nepal
Phone
+9779845953745