Delete any Image on Facebook
When I was checking out Facebook’s new features, I noticed that a polling feature had been added to posts, so I started working on it.
Whenever a user tries to create a poll, a request containing a GIF URL or image ID is sent;
the poll_question_data[options][][associated_image_id] field contains the uploaded image ID.
When this field’s value is changed to any other image’s ID, that image is shown in the poll.
After sending the request with another user’s image ID, a poll containing that image is created.
Our uploaded image has been replaced by the victim’s image
In the end, when we try to delete the poll, the victim’s image is deleted along with it by Facebook as a poll property.
POC:
I appreciate the Facebook security team for resolving this vulnerability quickly.
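The missing authorization check behind this bug, shown as an added example that is not part of the original write-up and is not Facebook's code. It is a constructed in-memory model: the PollStore class, its methods, the user names and the image IDs are all hypothetical, and the check_owner switch exists only to contrast the reported behaviour with the hardened one.

```python
# Constructed in-memory model of the flaw and its fix. All names are
# hypothetical; this is not Facebook's code.
class PollStore:
    def __init__(self, check_owner=True):
        self.check_owner = check_owner  # False reproduces the reported behaviour
        self.images = {}                # image_id -> owner
        self.polls = {}                 # poll_id -> (creator, [image_id, ...])

    def upload_image(self, owner, image_id):
        self.images[image_id] = owner

    def create_poll(self, user, poll_id, image_ids):
        # Every associated_image_id must exist and belong to the requester.
        for image_id in image_ids:
            owner = self.images.get(image_id)
            if owner is None:
                raise PermissionError(f"unknown image {image_id}")
            if self.check_owner and owner != user:
                raise PermissionError(f"image {image_id} not owned by {user}")
        self.polls[poll_id] = (user, list(image_ids))

    def delete_poll(self, user, poll_id):
        creator, image_ids = self.polls[poll_id]
        if creator != user:
            raise PermissionError("only the creator may delete a poll")
        for image_id in image_ids:
            # Defense in depth: re-check ownership before the cascade delete,
            # so a stale or smuggled reference never removes another user's image.
            if not self.check_owner or self.images.get(image_id) == user:
                self.images.pop(image_id, None)
        del self.polls[poll_id]

def victim_image_survives(check_owner):
    """Replay the sequence from the write-up against the model."""
    store = PollStore(check_owner)
    store.upload_image("victim", 1001)    # constructed sample ids
    store.upload_image("attacker", 2002)
    try:
        store.create_poll("attacker", "p1", [1001])  # swapped-in foreign id
        store.delete_poll("attacker", "p1")
    except PermissionError:
        pass                              # hardened path rejects the request
    return 1001 in store.images

if __name__ == "__main__":
    print("unchecked:", victim_image_survives(False))
    print("checked:  ", victim_image_survives(True))
```

Checking ownership both when the reference is attached and again before the cascade delete means a single missed check on one path does not lead to loss of another user's data.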
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.