Facebook has a bug bounty program that allows you to find vulnerabilities and report security issues ethically. If the security issue that you found is harmful to the privacy of Facebook's users or its servers then they will pay money as a reward for your efforts. So I also found a bug on Facebook and earned $500. Let's discuss the bug. The bug was to know a user has blocked another user or not.
To understand this, let's take an example. Suppose there are 3 users A, B, and C. Here, A and B are friends on Facebook. The user B has blocked user C. Now user A wants to know whether user B has blocked user C or not. But how? Let's see the below 2 case possibilities.
1. If user A is accessing Facebook using mobile site: Here, he needs to make a post.
To understand this, let's take an example. Suppose there are 3 users A, B, and C. Here, A and B are friends on Facebook. The user B has blocked user C. Now user A wants to know whether user B has blocked user C or not. But how? Let's see the below 2 case possibilities.
1. If user A is accessing Facebook using mobile site: Here, he needs to make a post.
- The user A will go to the profile of user B. For example, User A will go to m.facebook.com/b
- Then user A will post the URL of the user C (For example, "https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fc") to the B's profile as a post via mobile site.
- The user A will go to the profile of user B. For example, User A will go to "https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fb"
- The user A will paste the URL of the user C (For example, "https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fc") to the B's profile in the box where we post status.
- Now he/she(user A) just needs to hit the preview button. Now user A will not be able to see the preview of that one.