IDOR FACEBOOK: a malicious person can add people to the “Top Fans”

Insecure Direct Object Reference (IDOR)

After digging around in Facebook looking for possible bugs, I noticed that Facebook recently added a feature that allows fans to submit requests to be categorized on their favorite pages as “Top Fans”. Facebook has made this optional.