THIS HACKER GOT A $40000 REWARD AFTER FINDING AN IMAGETRAGICK BUG IN FACEBOOK

You are surely familiar with the ImageTragick Remote Code Execution vulnerability. Many large sites were affected by this bug, which was discovered in April 2016. But who would have thought that the same bug (after being worked on more deeply) also affected Facebook, specifically in the "Share on facebook" application dialog.


The whitehat, Andrew Leonov, managed to take the ImageTragick flaw further, which allowed him to view the contents of /proc/version on a Facebook server.

He also said he was proud to be one of the people who managed to "take down" Facebook.
For the full PoC, you can go directly to:

The Facebook team itself has confirmed the flaw and paid a reward of $40000.
Timeline:
  • 16 Oct 2016, 03:31 am: Initial report
  • 18 Oct 2016, 05:35 pm: Actual PoC I used requested by security team member Neal
  • 18 Oct 2016, 08:40 pm: I replied by sending a PoC and provided additional info
  • 18 Oct 2016, 10:31 pm: Bug acknowledged by security team member Neal
  • 19 Oct 2016, 12:26 am: Just heads-up by security team member Neal that fix is in the progress
  • 19 Oct 2016, 02:28 am: Neal informed me that vulnerability has been patched
  • 19 Oct 2016, 07:49 am: I replied confirming that the bug was patched and requested disclosure timeline
  • 22 Oct 2016, 03:34 am: Neal answered about disclosure timeline 
  • 28 Oct 2016, 03:04 pm: $40k reward issued
  • 16 Dec 2016: Disclosure approved
So, interested in trying your luck with the Facebook Bug Bounty? (jack/lsc)
