Freebooting is a form of piracy, most commonly understood as downloading someone else’s copyrighted material and uploading it to another internet platform, often videos from YouTube to Facebook. A security vulnerability in Facebook’s newly introduced platform called [Copy] Rights Manager (built to prevent freebooting) allows one to hack a Facebook brand page’s copyright data easily.
So what’s the hack?
The Rights Manager tool is preapproved for a few official pages, and anyone can request approval.
Since it is an app owned by Facebook, its access token allows us to read or manipulate data for any Brand page due to insufficient permission checks.
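The missing permission check described above, sketched as an added example that is not part of the original post and is not Facebook's code. It is a constructed in-memory model: `Token`, `PAGE_ADMINS`, `COPYRIGHTS` and both `read_copyrights_*` functions are hypothetical names, and the data is sample data.

```python
# Hypothetical model of the flaw: names and data are constructed for
# illustration and do not correspond to any real Facebook API.
from dataclasses import dataclass

# Constructed sample data: which users administer which brand pages.
PAGE_ADMINS = {"page_victim": {"alice"}, "page_other": {"mallory"}}
# Constructed sample copyright records, keyed by brand page.
COPYRIGHTS = {"page_victim": ["video_1"], "page_other": ["video_9"]}
# Apps the platform treats as first-party (assumption for this model).
FIRST_PARTY_APPS = {"rights_manager"}


@dataclass(frozen=True)
class Token:
    app: str   # app the access token was issued to
    user: str  # user who authorised that app


class Forbidden(Exception):
    """Raised when a request fails an authorization check."""


def read_copyrights_flawed(token: Token, page_id: str) -> list:
    # Flawed: the token is trusted because the issuing app is first-party.
    # Nothing ties token.user to the page named in the request.
    if token.app not in FIRST_PARTY_APPS:
        raise Forbidden("app not allowed")
    return COPYRIGHTS[page_id]


def read_copyrights_checked(token: Token, page_id: str) -> list:
    # Corrected: app trust is necessary but not sufficient. The user behind
    # the token must also hold a role on the page being read or modified.
    if token.app not in FIRST_PARTY_APPS:
        raise Forbidden("app not allowed")
    if token.user not in PAGE_ADMINS.get(page_id, set()):
        raise Forbidden("user has no role on this page")
    return COPYRIGHTS[page_id]
```

The same per-page role check belongs on every operation that takes a page identifier, including update, delete and rule creation, not only on reads.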
Proof of Concept:
All the above fields added in the parameters can be updated.
Reading Victim’s Copyrights
Deleting Victim’s Copyrights
Create copyright rule on behalf of victim’s page
Read Victim’s Copyright Rules
Delete Copyright Rule