I don’t usually do write-ups for my findings but this one is so funny that every time i get a giggle when i think about how i found it, this also shows you don’t need to be a web expert to find bugs.
It’s July i was talking with a friend on FB messenger the topic was about boys, in one of my messages i made a typo instead of writing (kwr) i wrote (ker) both (w) and (e) keys are beside each other, this may look normal but..
I was talking in Kurdish and the translations are:
kwr = Boy
ker = Penis
It was embarrassing and i deleted the message immediately using [Remove for Everyone] feature, this will delete the message permanently in both sides and replace it with a text (You removed a message)
For a second i thought wait this may happened before and i didn’t notice it, Saying word (kwr) (boy) is not a rare thing and maybe i made this typo before. Messenger has a feature for searching for any message in all of your conversations so i used that to search for (ker), surprisingly this came out in the results:
When i clicked to see the message it didn’t go to the conversations history and show the exact message, it only showed the result, Does that mean i made that typo before?
After some investigation i figured out that that (1 result) prompt is my deleted message and i didn’t make any typos before.
But how is that possible? isn’t FB deleting that message permanently?
Using this bug i was able to see that FB is keeping a deleted message for about 9 days so next time think twice when you send nudes in Messenger, FB doesn’t state about this in anywhere but in the deleting dialog box it says you can still report a deleted message if it’s against community standards.
While reporting this to FB i made some nice POC’s using bruteforcing to recover a deleted message if it was a Porn website or a 4 digit number.
Here is the exact photo of my deleted message that lead to this discovery:
Isn’t that a funny find 😂
Facebook patched it within a month are rewarded me with 0x1f4