Hacking Facebook to delete any account; Facebook again refuses to pay Bounty
Sep 05, 2013
In the past few days, Facebook refused to pay bounty to Khalil Shreateh , the security researcher who used the bug he discovered to post directly on Facebook CEO Mark Zuckerberg 's Timeline after Facebook Security rejected his attempts to report it. Ehraz Ahmed, an independent Security Researcher claimed that he reported a critical vulnerability to the Facebook Security team, which allows the attacker to delete any account from Facebook. But Facebook refuses to Pay Bug Bounty , because he tested flaw once on his friend's account, " I reported this bug to Facebook, I'm really not happy with them. After waiting for such a long time for their reply, they denied it saying that you used this bug only works for test accounts, where as I used it for removing real accounts and now the vulnerability is also fixed after their email." he said on his blog . Video Demonstration of Exploit: Vulnerable URL : https://www.facebook.com/ajax/whitehat/delete...
