Researcher spots 'Freebooting' vulnerability in Facebook tool
The bug is caused by insufficient permission checks in Facebook’s recently introduced Rights Manager tool.
NETMYSOFT Chief Technical Officer (CTO) Laxman Muthiyah spotted a vulnerability on Facebook's Rights Manager platform which allows Freebooting, the act of downloading someone else's pirated content and uploading it another online platform.
The bug is caused by insufficient permission checks in Facebook's recently introduced Rights Manager tool and allows an unauthorized user to read, edit and delete source video or manipulate a detected pirated video, according to an Aug. 8 blog post.
“Since it is an app owned by Facebook, its access token allows us to read or manipulate data for any Brand page due to insufficient permission checks,” Muthiyah said in the post.
The tool is preapproved for a few official pages and allows them to detect and claim their copyrighted videos uploaded to Facebook.
Muthiyah reported the now patched bug to the social media platform and was awarded a $4,000 bounty.