Facebook Exploit Tutorial

A flaw has recently been found in Facebook that allows users to share posts onto anyone's wall, even if they are not friends. Below I will explain how this is done.

Create a Post

Begin by making a post, and tag someone in it by using @Name. You can add a photo or video; it will still work.

Get Graph Data

Every Facebook user has a URL where their profile is stored, e.g. http://www.facebook.com/john.smith. For example purposes, let's say the person tagged in this post is called "John Smith", so to get that user's graph data we will go to the URL http://graph.facebook.com/john.smith. This is what you will see:

{   
    "id": "192834684",
    "name": "John Smith",
    "first_name": "John",
    "last_name": "Smith",
    "link": "http://www.facebook.com/john.smith",
    "username": "johnsmith",
    "gender": "male",
    "locale": "en_GB"
}

There is one important element you need from this information, the "id":

"192834684"

(Do remember to write it down!)

Now get your victim

You now need to get your victim's graph information by doing the same as above. But this time you will need their "name" and "id". I will use "Mike Anderson" as an example for this section.

{
    "id": "18957457869",
    "name": "Mike Anderson",
    "first_name": "Mike",
    "last_name": "Anderson",
    "link": "http://www.facebook.com/mike.anderson",
    "username": "mikeanderson",
    "gender": "male",
    "locale": "en_GB"
}

You will need the "name" element as seen above, e.g.

"Mike Anderson"

(Case sensitive; it must be written exactly as in the graph data.) And the "id":

"18957457869"

(Id numbers differ in length.)

Edit the source

This part will only work in Google Chrome, Chromium or Firefox. You must go back to the post you were writing, right click anywhere on the screen and click "Inspect Element". Press "Ctrl F" and search for the id number of the person tagged, in my case John Smith, id="192834684".

Change the details

Now change the id number and name to your victim's by right clicking the text and clicking "Edit Attribute" or by double clicking the text as shown below.

Almost there...

Now just hit post and you're done! A new post from you will appear on your victim's wall whether you have them as a friend or not.
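
The steps above only work if the server delivers the post to whatever tag id and name the page submits. As an added example (not code from this post or from Facebook), the Python below contrasts that trusting handler with one that re-validates each tag on the server. The user store, the friends-only rule and every function name are assumptions made for illustration.

```python
# Constructed sample data standing in for the server's user and friendship stores.
USERS = {"100": "Alice Poster", "192834684": "John Smith", "18957457869": "Mike Anderson"}
FRIENDS = {frozenset(("100", "192834684"))}  # Alice-John are friends; Alice-Mike are not


class TagRejected(Exception):
    """Raised when a submitted tag fails server-side validation."""


def publish_naive(author_id, text, tags):
    # Flawed pattern: trusts the id and name exactly as the browser sent them.
    return [{"wall": t["id"], "label": t["name"], "author": author_id, "text": text}
            for t in tags]


def publish_checked(author_id, text, tags, audit):
    # Hardened pattern: re-derive and authorise every tag on the server.
    deliveries = []
    for t in tags:
        target = str(t.get("id", ""))
        if target not in USERS:
            audit.append(("unknown_target", author_id, target))
            raise TagRejected(f"unknown user id {target!r}")
        if target != author_id and frozenset((author_id, target)) not in FRIENDS:
            audit.append(("unauthorised_target", author_id, target))
            raise TagRejected(f"{author_id} may not post to the wall of {target}")
        if t.get("name") != USERS[target]:
            # Not fatal, but a form whose name and id disagree was likely edited.
            audit.append(("name_mismatch", author_id, target))
        # The display name always comes from the server record, never the form.
        deliveries.append({"wall": target, "label": USERS[target],
                           "author": author_id, "text": text})
    return deliveries


def demo():
    audit = []
    edited = [{"id": "18957457869", "name": "Mike Anderson"}]  # fields changed client-side
    naive = publish_naive("100", "hello", edited)
    ok = publish_checked("100", "hello", [{"id": "192834684", "name": "john smith"}], audit)
    try:
        publish_checked("100", "hello", edited, audit)
        blocked = False
    except TagRejected:
        blocked = True
    return naive, ok, blocked, audit


if __name__ == "__main__":
    print(demo())
```

The audit entries double as detection signals: repeated "unauthorised_target" events from one account indicate someone probing the tag field.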

Joel Duncan
