Facebook New Account Verification Bypass

Santosh Baral
Dec 13, 2019 · 3 min read

On September 22, 2019, at 11:30 pm, I was preparing for my board exam and I felt tired of reading all that stuff. Then I thought to open Facebook and see some news feed, but I don’t know what came into my mind: I opened a new private tab in Firefox and tried to create a new account. At first I filled the new account form with all correct and valid details, and all of a sudden I thought, what if I give a wrong email address, can I verify it somehow? So I filled the form with the wrong email and clicked sign up. Then I was redirected to a new page, the verification page. I thought I couldn’t do anything without verification, but I saw an option to see our profile. I thought it wouldn’t work if I clicked that option and that it would redirect me to the verification page again, but I was surprised: when I tried it, I was able to visit my profile and do anything I wanted, like changing profile pictures, posting statuses and other things. But there were no more options than that, like no option for search and others.

Then I thought, what if I change the URL and try to visit someone’s profile? I changed the URL to my original account’s profile and boom, I was able to visit my profile, and I was able to see an option for search and all the other options that we see in a verified account.

I was more shocked when I got to know that I could send a friend request, comment, share and like any public or friends’ post. Then I sent a friend request to my original ID and accepted that friend request to see what more I could do. After accepting the friend request I was also able to send messages to my real account.

It took me around 15 minutes to find all of this. I immediately reported it to Facebook at around 11:50–12:00. After I waited for 3 days they finally replied to me. I was happy with that notification, but all of a sudden all my happiness was stolen from me: I got a reply that the Facebook team knew about it internally and was working to improve the verification flow.

Though I didn’t receive any bounty, I thought it would be good to share my finding with you all. Thanks for reading to the end. This is my first write-up on such a topic, so there may be some mistakes, and I am sorry for those silly mistakes.
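The behaviour described in this write-up, where sign-up redirects to a verification page but other URLs still respond, is what results when account state is checked on one page instead of on every request. The following is an added example, not code from the original post or from Facebook; the route table, action names and both gate functions are hypothetical, and it models a per-page check beside a default-deny check.

```python
from dataclasses import dataclass

# Constructed route table for a hypothetical app; names are illustrative only.
ROUTES = {
    "/home":            "view_feed",
    "/confirm":         "confirm_email",
    "/confirm/resend":  "resend_code",
    "/me":              "view_own_profile",
    "/profile/<id>":    "view_profile",
    "/friends/request": "send_friend_request",
    "/messages/send":   "send_message",
    "/posts/comment":   "comment",
}

# The only actions an account may perform before its email is confirmed.
UNVERIFIED_ALLOWED = frozenset({"confirm_email", "resend_code"})

@dataclass
class Account:
    id: int
    email_verified: bool

def weak_gate(account, path):
    """Flawed pattern: only the landing page checks verification state."""
    if path == "/home" and not account.email_verified:
        return "redirect:/confirm"
    return "allow"

def strict_gate(account, path):
    """Default deny: every request is checked against account state."""
    action = ROUTES.get(path)
    if action is None:
        return "deny"  # unknown routes are never served
    if account.email_verified or action in UNVERIFIED_ALLOWED:
        return "allow"
    return "redirect:/confirm"

def exposed_routes(gate, account):
    """Routes a given gate lets this account reach; useful as an audit."""
    return sorted(p for p in ROUTES if gate(account, p) == "allow")
```

Running `exposed_routes` for an unverified account against each gate makes the gap visible as a list, which is also a convenient regression test to keep in a test suite whenever routes are added.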

========================================

PoC Video Link:- https://youtu.be/UDetCErBD9E

========================================

Find Me On:-
Facebook:- https://facebook.com/santoshbrl5
Instagram:- https://instagram.com/santoshbrl5
Twitter:- https://twitter.com/santoshbrl5

========================================

See this write-up on my site:- https://techohnepal.com

========================================

My Site:-

https://santoshbrl.com.np
https://sagarbaral.com.np
https://baralsantosh.com.np

Written by

From Nepal. Love Networking. Interested in Cybersecurity. Part time Blogger and Web Developer.
