Back in October 2018, I discovered a vulnerability on Facebook that allowed me to create unauthorized comments on live streams of people who aren’t my friends and don’t allow non-friends to comment on their posts.
For this vulnerability, the Facebook Security Team rewarded me with a bounty of $750, which was the first bounty I ever received.
I have written a full write-up with all the details, the vulnerability report, the proof-of-concept, replies from the Facebook team, and my follow-up responses on the official website of Ask Buddie, a Facebook group where you can help and support in the field of technology.
You can go through the full write-up with overall details here: https://www.askbuddie.com/blog/unauthorized-comments-on-facebook-live-stream/
Also, here’s a video that I submitted to Facebook as a proof-of-concept for the reproduction of the vulnerability:
I hope you will go through the full write-up of the vulnerability that I discovered on Facebook in late 2018. I look forward to hearing your responses to my write-up in the comments.