A Cross Site Request Forgery(CSRF) vulnerability in Facebook allowed hackers to record video of target users and post in the victim's wall. The vulnerability was discovered by security researchers Aditya Gupta and Subho Halder, from XYSEC Team .
A malicious hacker could record trick a user to silently record his webcam video and publish it to his facebook wall, without the user even knowing about it.
In a youtube video, researcher demonstrate how an attacker could exploit this vulnerability in a Youtube video.
Four months after researcher notified facebook about the security flaw, facebook finally emailed them that their finding is eligible to receive a bug bounty of $2500, that will come as a Facebook WhiteHat Debit Card.
PoC:
