Image removal vulnerability in Facebook polling feature

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this
Delete any
Image on Facebook

 

 

When I was checking out facebook’s new features, I noticed that polling feature were added to the posts so I start working on it.
POLL

 

Whenever a user tries to create a poll, a request containing gif URL or image id will be sent,
poll_question_data[options][][associated_image_id] contains the uploaded image id.
Image


When this field value changes to any other images ID, that image will be shown in poll.
After sending request with another user image ID, a poll containing that image would be created.
Image
Our uploaded image has been replaced by victim’s image
At the end when we try to delete the poll, victim’s image would be deleted with it by facebook as a poll property.
Image
POC:

I appreciate Facebook security team for resolving this vulnerability quickly.
(Visited 35 times, 1 visits today)
KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this