IDOR FACEBOOK: malicious person add people to the “Top Fans”
Insecure Direct Object Reference (IDOR)
After digging around in Facebook looking for possible bug’s, I watched Facebook recently added a feature that allows fans to allow them to submit requests to be categorized in their favorite pages as their “Top Fans”. Facebook has made this optional.
https://medium.com/@UpdateLap/idor-facebook-malicious-person-add-people-to-the-top-fans-4f1887aad85a