View Friends List of any users using “View as” | Facebook Bug bounty

Hello guys,

to today i want to share how i find my 1st bug bounty of this year (2022) with Facebook BBP.

so let’s start… on Feb 28, 2022 facebook takedown my main account on facebook due to violations, so on that day i also create new account then after 2 weeks when im changing the privacy of my facebook account after i set all to “only me” then i decided to view my account using “view as” then when i click na the friends tab my facebook friends appear on in the list which is should not happened.

Then i try to view my profile with another account if its already set then after i checked it’s all normal i can’t see my friend list’s using another account.

After that i tried to view my profile on the browser then when i goto my profile using “view as” i tried to replace my username on url bar to another username then i see their friend list

so i reported it on faceboook.

Timeline Review
Mar 13, 2022 (Initial report)
Mar 14, 2022 (Triaged)
Mar 18, 2022 (Fixed)
Apr 02, 2022 (Bounty awarded)

--

--

--

Be Happy :)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Enecuum weekly Community News —  1st Edidtion 13/05/2021

Authentication on The Web without the Math

Protecting Data from Breaches Requires an Encryption Key Management Strategy

Day 1 Observations from RSA

How to Engage Developers in App Security

Are you ready for The world's first communication (notification) protocol!? 🥳

Crodo.io —  Token Public sale

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ph.Hitachi

Ph.Hitachi

Be Happy :)

More from Medium

Blind SQLi Explained Simply

Walkthrough of “Insecure Deserialization”- PentesterAcademy

CVE-2022–30777

What is the John The Riper(JTR)? How to use JTR?