Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers
Credit:
The Register
Facebook has patched a remote-code execution flaw discovered in one of its servers.
Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies.
Though remote code execution bugs are considered serious problems, Le Gall noted that no Facebook user data was ever exposed or accessed via the uncovered hole. The bug was patched this month prior to today's disclosure.