
In the past few days, Facebook refused to pay a bounty to Khalil Shreateh, the security researcher who used the bug he discovered to post directly on Facebook CEO Mark Zuckerberg's Timeline after Facebook Security rejected his attempts to report it.
Ehraz Ahmed, an independent security researcher, claimed that he reported a critical vulnerability to the Facebook Security team, one that allows an attacker to delete any account from Facebook.
But Facebook refused to pay a bug bounty because he tested the flaw once on his friend's account. "I reported this bug to Facebook, I'm really not happy with them. After waiting for such a long time for their reply, they denied it saying that you used this bug only works for test accounts, whereas I used it for removing real accounts and now the vulnerability is also fixed after their email," he said on his blog.
https://www.facebook.com/ajax/whitehat/delete_test_users.php?fb_dtsg=AQA1E-WE&selected_users[0]=[Victim's Profile ID]&__user=[Attacker's Profile ID]&__a=1

Here the selected_users[0] and __user parameters are the vulnerable ones.
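The request above is accepted with a client-supplied acting user (__user) and a client-supplied target (selected_users[0]). The following is an added example, not code from the original post or from Facebook, sketching the server-side checks an endpoint of this kind needs; the account store, field names and IDs are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Account:
    user_id: str
    is_test_user: bool = False
    created_by: Optional[str] = None  # who created the test account (assumed field)


class NotAuthorized(Exception):
    """The caller may not delete one of the requested accounts."""


def sample_accounts() -> Dict[str, Account]:
    # Constructed data: 1001 and 2002 are real users, 9001 is a test user of 1001.
    rows = [Account("1001"), Account("2002"),
            Account("9001", is_test_user=True, created_by="1001")]
    return {a.user_id: a for a in rows}


def delete_test_users(session_user_id: str, params: Dict[str, str],
                      accounts: Dict[str, Account]) -> List[str]:
    """Delete selected test users; return the IDs that were removed.

    session_user_id comes from the authenticated session, never from the
    request. params is the parsed query string.
    """
    # A __user value in the request is only a claim; it must match the session.
    claimed = params.get("__user")
    if claimed is not None and claimed != session_user_id:
        raise NotAuthorized("__user does not match the authenticated session")

    # Collect selected_users[0], selected_users[1], ... without duplicates.
    keys = sorted(k for k in params if k.startswith("selected_users["))
    targets = list(dict.fromkeys(params[k] for k in keys))
    if not targets:
        raise ValueError("no users selected")

    # Validate every target before deleting any, so a mixed request fails whole.
    for uid in targets:
        acct = accounts.get(uid)
        if acct is None or not acct.is_test_user or acct.created_by != session_user_id:
            raise NotAuthorized("not a test user owned by the caller: " + uid)
    for uid in targets:
        del accounts[uid]
    return targets
```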