Facebook - exploits / exploiting / tricks / hacks / hacking

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.
Post Reply
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Facebook - exploits / exploiting / tricks / hacks / hacking

Post by Sethioz »

Not so much at the moment, but from time to time i check into it. i just checked it with webscarab and found out that user ID means nothing or maybe it does ?
you can easily get anyone's user ID from the message you send them. so far i manged to send message to myself, which obviously should be possible. however tampering with other user IDs gets me logged out and i have to login again, obvoiusly corrupts the login.

here's a msg packet with false IDs:

Code: Select all

msg_id=1314291794641%3A3767966472&client_time=1314291792962&to=100000116796666&num_tabs=1&pvs_time&msg_text=emptyZ&to_offline=false&to_idle=false&popped_out=false&post_form_id=0f204c8ad5acfabee723bc116a3ebba4&fb_dtsg=AQB5Vpsx&lsd&post_form_id_source=AsyncRequest&__user=100000028337777
noticed the "&to=100000116796666" ? thats the part where it says who recieves the message you send, you can easily change it and it goes to whoever's ID it is. there are more fields, like some in cookies.
this is just beginning, it might be possible to talk to the ppl who have blocked you or send messages as some1 else.
maybe in future i will check more deepling into this, this simple test was done in less than 10 mins.
Post Reply