Bypassing Message Request inbox

Description/Impact
Through job contact message a malicious user can bypass message request

step:

1- create a job and select to be contacted via message

2 - via job application contact yourself (message thread created)

3 - add anyone to conversation , victim receive message in his inbox instead of (message request or in spam )

thanks

Timeline

May 1, 2020 — Report Sent
May 5, 2020— Acknowledged by Facebook
May 14, 2020— Fixed by Facebook
May 21, 2020 — Bounty awarded by Facebook

https://twitter.com/yaalaab

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store