I offers security consulting services within the space of Penetration Testing , Ethical Hacking , Vulnerability Assessments and Security Code and Configuration Reviews ~

Facebook Mark Zuckerberg Password Reset Bug - Not exploitable

I was looking for a bug in forgot password facebook.

I was send reset password link to my email account through facebook. Open the link and change my id with Mark Zukerberg's Id to 4.





Mark Zukerberg's Id
http://graph.facebook.com/4



I was thought that I have fount something. but its not I've tried this bug using my own accounts (Not Mark Zuckerberg :) and it doesn't allow me to set a new password. The "n" parameter is tied to the "u" parameter. Instead of using Mark Zuckerberg's account



Video POC: