Hacker Reveals How to Hack Any Facebook Account

Hacking a Facebook account is one of the most common queries among Internet users today. Such a flaw is hard to find, but an Indian hacker did just that and reported directly to Facebook how he found a vulnerability with which he could hack almost any Facebook account.
A security researcher discovered a ‘simple vulnerability’ in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can.
Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability, a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a 6-digit code and reset any account’s password.

Here’s How the Flaw Works

The vulnerability actually resides in the way Facebook’s beta domains handle ‘Forgot Password’ requests.
Facebook lets users change their account password through the Password Reset procedure by confirming their Facebook account with a 6-digit code received via email or text message.
To verify that the user is genuine, Facebook allows the account holder to try up to a dozen codes before the account confirmation code is blocked by the brute-force protection that limits the number of attempts.
However, Prakash discovered that the social media giant had not implemented rate-limiting in its password reset process on the beta sites, beta.facebook.com and mbasic.beta.facebook.com, according to a blog post published by Prakash.
Prakash tried to brute force the 6-digit code on the Facebook beta pages in the ‘Forgot Password’ window and discovered that there is no limit set by Facebook on the number of attempts for beta pages.

Here’s the culprit:
As Prakash explained, the vulnerable POST request in the beta pages is:

lsd=AVoywo13&n=XXXXX

Successfully brute forcing the ‘n’ value allowed Prakash to set a new password on any Facebook account, taking complete control of it.
Prakash discovered the vulnerability in February and reported it to Facebook on February 22. The social network fixed the issue the next day and paid him $15,000 as a reward considering the severity and impact of the vulnerability.
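
The control that was missing on the beta sites, as an added example (not code from Facebook or from Prakash's blog post): the failed-attempt counter is kept per account in one place, so every hostname that accepts the code shares the same limit. The class name, the hostnames and the 10-minute expiry are assumptions; the limit of 12 follows the "up to a dozen codes" described above.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 12        # "up to a dozen codes", as the article describes
CODE_TTL_SECONDS = 600   # assumed lifetime of a reset code


class ResetCodeStore:
    """Tracks reset codes and failed attempts per account, not per front end."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account_id -> [code, expires_at, failed_attempts]

    def issue(self, account_id):
        code = f"{secrets.randbelow(10**6):06d}"  # 6-digit code from a CSPRNG
        self._pending[account_id] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code

    def verify(self, account_id, submitted, host):
        # `host` is accepted only to show that it plays no part in the limit:
        # production and beta hostnames share one counter per account.
        entry = self._pending.get(account_id)
        if entry is None:
            return "no_code"
        code, expires_at, failed = entry
        if self._clock() > expires_at:
            del self._pending[account_id]
            return "expired"
        if failed >= MAX_ATTEMPTS:
            return "locked"          # even the correct code is refused now
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[account_id]   # codes are single use
            return "ok"
        entry[2] = failed + 1
        return "locked" if entry[2] >= MAX_ATTEMPTS else "wrong"


def demo():
    # Constructed scenario: wrong guesses alternate between two hostnames.
    store = ResetCodeStore()
    code = store.issue("alice")
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    hosts = ["www.example.test", "beta.example.test"]  # constructed hostnames
    results = [store.verify("alice", wrong, hosts[i % 2]) for i in range(MAX_ATTEMPTS)]
    results.append(store.verify("alice", code, "beta.example.test"))
    return results
```

Issuing a fresh code resets the counter in this example, so code issuance needs its own limit as well.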
Publisher: Ethical Hackers Community