Reveal the page admin that uploaded a video on the page in comment section

Recently I read a page admin disclosure writeup that was found by Kassem Bazzoun in .That bug Reveal the page admin that uploaded a video on the page feeds and After reading the Write Up then I decided to try if I can bypass the Fix with different scenarios.

The Question Raised in my mind that how Facebook server will validate the Video ID if it is in Different section in pages.


  1. Video in Page Cover Pic
  2. Video in Page Conversation
  3. Video in Comment Section on page feeds

The 3rd example disclosed the page admins User ID in response. with same reproduction steps in Kassem Bazzoun Write Up .

Reproduction Steps:

  1. Find if any video was uploaded in comments section of page post. that was uploaded as page.

2. Then the attacker need to get the Video ID of the video in comments by using Facebook Api.


3. After getting the Video ID open the and click any images that was send between the conversation and then click “Info” button. Before Clicking the info button make sure Burp Suite Intercept is on.

4. Intercept the request and replace the node(xxxxxxx) Base64 value into the Video ID in the comment section

5. After forwarding the the request the response disclose the creator User ID of the page role person that who uploaded the video.


22-Sep-2020: Report Sent

22-Sep-2020 : Further investigation by Facebook

08-Oct-2020: Fixed confirmed by Facebook and me

10-Oct-2020: $4500 bounty + $338 bonus awarded by Facebook

This bug was reported on BountyCon2020 event submission and Thank you Facebook Team for quickly addressing and fixing this issue.

Apart from this bug also found another 2 bugs during event submission .

  1. Delete any Photos in Facebook.
  2. Stealing CSRF token using Click Jacking Attack.

Will make this remaining writeup soon..



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store