
Facebook has awarded $33,500 to a Brazilian web security researcher after he discovered a serious weakness in the site that could have allowed hackers into the system.

The issue, known as an XML external entity (XXE) vulnerability, is explained by computer engineer Reginald Silva in his blog. Of such flaws he writes, ‘They allow you to read any files on the filesystem, make arbitrary network connections,’ and the email recovery system could even be susceptible to hacking.

The flaw also left the door open for the issue to be developed into an even more serious vulnerability, which could have allowed hackers to use Facebook to infect users with malware. This is considered the highest level of risk.

Silva’s discovery and explanation of how the flaw could be escalated have resulted in the highest reward from Facebook to date. Facebook immediately corrected the vulnerability and issued a statement on the Facebook Bug Bounty page.
