InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…

Follow publication

Member-only story

How I Earned $500 for Getting Trapped in a Private Facebook Event

Connect with me : https://linktr.ee/vivekps

My article is open to everyone; non-member readers can click this link to read the full text.

If you think RSVP-ing to a Facebook event is a harmless click, think again. Because once upon a time, clicking “Going” could mean forever going, whether you liked it or not.

That’s right. I found a bug that let event admins trap people inside Facebook events with no way to leave. And the best part? Facebook paid me $500 for it.

Step 1: The “You’re Stuck Forever” Glitch

Imagine waking up to find yourself officially attending the “Flat Earthers Annual Conference”. You try to remove yourself, but — surprise! — you can’t. You’re stuck. Permanently RSVP’d. People start asking questions. Your reputation takes a hit. Your mom calls.

Why? Because an event admin blocked you.

Here’s how this digital hostage-taking worked:

  1. Attacker creates a private Facebook event — something ridiculous, like “The Society for People Who Microwave Ice Cream”.
  2. Attacker invites the victim (that’s me, or you, or anyone unlucky).

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Or, continue in mobile web

Already have an account? Sign in

Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Written by Vivek PS

I’m a programmer, web security researcher and chess player, focused on innovation, learning, and creating impactful solutions for growth.

No responses yet

Write a response