On the other hand, there is an endpoint for business pages called userpermissions that allows one to add or remove business page admin roles who are already handling the Facebook business.
The following request would make target user as admin of the page.
After a few minutes of testing, I got to know that removing the business parameter from the request didn’t throw any error and allow us to add anyone as new page admin and delete the actual page admin on the non-business page where the application has manage_pages permission.
That’s it! Whatever the application may be, if it is having the manage_pages permission of the admin then it could hack all of your Facebook account pages in a fraction of seconds.
Final Proof of Concept of Page Takeover:-
Reported this vulnerability to the Facebook security team and it is completely fixed now. They rewarded me $2500 USD as a part of their bug bounty program.Even though they placed a fix for this vulnerability, please be aware of the permissions you grant to any applications.
Permissions dialog box would look like this
If manage_pages is requested please note that this app would be able to manage your pages (post statuses, publish photos etc..).
People need not worry, we can still modify the permissions you have granted to other apps here.
great sir 🙂
Can i get full video for hack facebook page
can i get Hacked.php file or script
you deserve more than 2.500 $
:p Great job son
The video could be more usefull if you slow down. And perhaps add some text about what you're doing.
Keep up the good work! Enjoy, the bounty 😉
Nice one 🙂
:)) too great, you are very professional, but I can get acquainted
Post a vid nigg
I CANT UNDERSTAND HELP ME
Can you get me any videos for hack Facebook account?
Some pages deserve to be hacked. Great job jackass
Could you help please my business page was hacked a month ago after 3 cases with Facebook certified lawyers letters they don’t seem to be bothered even no I have lost my livelihood and income
Hi a great and useful information. My FB page has been hacked recently and despite repeat reporting to FB, I am yet to hear from them. Can you help me with the way forward.
Can someone help me to hack this profile, the bastard has just hacked another account of mine and deleted it altogether. If anyone can help. https://www.facebook.com/profile.php?id=100004216817397
This is still live, and pretty sure I just got hit with it.
“WATCH THIS VIDEO”…..THERE IS NO VIDEO! LOL!