
Delete any Photo from Facebook by Exploiting Support Dashboard

114 points, by costapopescu, over 11 years ago

8 comments

kristofferR, over 11 years ago
This guy was lucky to be proficient enough in English to receive the bounty, unlike this guy: http://www.theverge.com/2013/8/18/4633046/facebook-security-bug-let-anyone-post-on-walls
lifeformed, over 11 years ago
Facebook should make a "Hack Me" profile for people to mess with, so they don't have to use Zuckerberg's instead.
singold, over 11 years ago
Maybe now we can delete our own Facebook photos...
pearjuice, over 11 years ago
Is it still worth it to follow every link on Facebook and check the URLs/AJAX requests to see whether the parameters can be tampered with? At Facebook's scale I always assumed there would be someone employed full-time to do this. In fact, I wouldn't mind if it was good paying. Just give me all the Facebook frontend endpoints and I will go through them one by one. Manually. I will even document the test cases and what could be intercepted, changed, or improved in terms of validation.
loceng, over 11 years ago
Facebook really doesn't test anything for security vulnerabilities before pushing to production, do they?
meatsock, over 11 years ago
Wow, that's a nice bounty for changing two parameters on the end of a URL.
nivla, over 11 years ago
As I understand it, the exploit involves crafting a URL to send in a removal request to Facebook support. Wouldn't this count as social engineering, or were the removal requests automated?

Regardless, well done!
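The thread's comments describe the bug class rather than the endpoint: a removal request whose authorization hinges on identifiers the client can edit (pearjuice's "check whether the parameters can be tampered with", meatsock's "changing two parameters on the end of a URL", nivla's "crafting a URL to send in a removal request"). The following is an added example, not code from the original post, the researcher, or Facebook: a self-contained model of a hypothetical photo-removal handler with two client-controlled parameters, the same handler with ownership derived from the server-side session instead, and the tamper check a tester would run over both. The endpoint path, parameter names and account names are constructed for illustration.

```python
"""Added example: insecure direct object reference via URL parameter tampering.
Hypothetical endpoint and data; nothing here is taken from the real report."""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample data: photo id -> owning account.
PHOTOS = {"p100": "attacker", "p200": "victim_a", "p300": "victim_b"}


@dataclass
class Store:
    """Fresh in-memory copy of the photo table plus an audit trail."""
    photos: dict = field(default_factory=lambda: dict(PHOTOS))
    audit: list = field(default_factory=list)


def build_request(photo_id, owner):
    """Hypothetical removal-request URL with two client-controlled parameters."""
    return "/support/remove_photo?" + urlencode({"photo_id": photo_id, "owner": owner})


def parse_request(url):
    """Flatten the query string to a plain dict of single values."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def remove_vulnerable(store, session_user, url):
    """Vulnerable handler: the only 'ownership check' compares two values the
    client itself sent, so editing both parameters satisfies it for any photo.
    The authenticated session_user is logged but never consulted."""
    p = parse_request(url)
    pid, claimed_owner = p.get("photo_id"), p.get("owner")
    if pid in store.photos and store.photos[pid] == claimed_owner:
        del store.photos[pid]
        store.audit.append(("deleted", session_user, pid))
        return True
    store.audit.append(("denied", session_user, pid))
    return False


def remove_fixed(store, session_user, url):
    """Fixed handler: authorization comes from the authenticated session; the
    URL only names the object, and the 'owner' parameter is ignored."""
    p = parse_request(url)
    pid = p.get("photo_id")
    if store.photos.get(pid) != session_user:
        store.audit.append(("denied", session_user, pid))
        return False
    del store.photos[pid]
    store.audit.append(("deleted", session_user, pid))
    return True


def tamper_test(handler, attacker, victims):
    """The check pearjuice describes, run offline: for every photo the attacker
    does not own, submit a request with both identifiers substituted and report
    the ids whose deletion actually went through."""
    deleted = []
    for pid, real_owner in victims.items():
        store = Store()
        url = build_request(pid, real_owner)  # attacker edits both parameters
        if handler(store, attacker, url) and pid not in store.photos:
            deleted.append(pid)
    return deleted


# Photos the attacker has no right to touch.
VICTIM_PHOTOS = {k: v for k, v in PHOTOS.items() if v != "attacker"}

if __name__ == "__main__":
    print("vulnerable:", tamper_test(remove_vulnerable, "attacker", VICTIM_PHOTOS))
    print("fixed:     ", tamper_test(remove_fixed, "attacker", VICTIM_PHOTOS))
```

The point the two handlers make is that a parameter the client can rewrite is not evidence of anything; any check that compares one request field against another is satisfied by whoever controls the request. Ownership has to be looked up server-side against the identity the session actually proves, which is why the fixed handler still lets the attacker delete their own `p100` and nothing else.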
tomphoolery, over 11 years ago
Pretty sure Mark Zuckerberg has had his Facebook profile fucked with more than anyone else, judging by all these disclosures I've been reading :)