Using the new Facebook Poll Feature, anyone can integrate another user’s photos to that poll post and delete the poll along with the integrated URL of the photos.

Recently, Facebook have added a new feature called Polls which, instead of having plain content, enables users to post votable inquiries.  Users likewise have the capacity to include GIFs and photographs as reactions as well, rather than old plain content.  Users can sort in their inquiry in the content box with two choices for answers.  There’s no restriction to what extent polls can be, yet reactions are constrained to 25 characters.

In utilizing the Facebook bug, users can simply create a new poll with any photo in it, edit the code of the page and replace the image ID or URL of the photo to be published with the URL of the target photo to be deleted.  Upon publishing the poll, the user can now delete the poll and consequently, the integrated URL of the photo shall be deleted along with the entire post.

Having a picture deleted without the owner’s participation nor permission is in some way bothersome.  Considering that the particular bug has already been officially reported to Facebook, it can be presumed that measures have been taken to fix the discovered bug.  However, the discovered bug shows that even the most secure websites have flaws that must be remedied from time to time.  Users must always be updated to such bug discoveries to conduct the necessary precautions themselves.


Manny Cuevas

My name is Manny Cuevas a Security Researcher / Engineer for about 15 years that focuses on Web and Mobile applications and other platforms from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top ranked hacker in the world that bypass all security systems.


Leave a Reply

Your email address will not be published. Required fields are marked *