Vulnerability Report - Facebook Events / Block Bypass Hello, Today, I'm sharing a vulnerability I discovered in Meta's bug bounty program. This vulnerability allows an attacker to prevent any Facebook user from blocking them. Description of Vulnerability: 1. On Facebook Events you can go to: https://www.facebook.com/events/create/ and create a recurring event — which is simply a single event that repeats at different time intervals. 2. If you create a recurring event and then delete that recurring event, any Facebook user who tries to block you on Facebook will encounter an error message that prevents them from doing so. Exploitation Scenario: 1. The attacker wants to prevent any Facebook user from blocking them permanently. 2. The attacker goes to: https://www.facebook.com/events/create/ , clicks “Repeat event”, sets it to repeat twice, then clicks “Create event”. 3. The attacker deletes this recurring even...
I'm Moaz Adel, a bug bounty hunter. In this blog, I'll share write-ups about the security vulnerabilities I discover