Page Admin Disclosure when clicking join button in Page inbox of mobile version
Description:
Every facebook group has feature “Share this group” with option like how to share (share on your timeline, page, share in private message.
So using this feature in group while interacting as page if page share this group in private message then group link sent in page admins profile which is intended.
if interacting as page sent share group link using this feature to any page then that link goes to victims page’s inbox.
Now in web platform that shared link displayed as normal, but if we look page inbox in mobile version then we can see that there is “+” plus sign to join group.
Once victim page received link in page inbox sent by group admin and victim page opens inbox in mobile version and click on + plus sign then, group join request sent as page admin without his knowledge., because link received in page inbox.
Continue reading “Facebook Page Admin Disclosure”