Facebook OAuth issue

oxide
11 years ago | edited 11 years ago

0

http://graph.facebook.com/4

You are able to enumerate all known usernames via a GET request by changing the id parameter, which in this case is 4.

I can't take credit for finding this, but as far as I know this is an issue. I believe there is a bruteforce attack possible due to being able to correctly ask it a username; if enough were guessed you would have a valid list of Facebook users.

And I assume a lot of idiots use a password like this:
username=password

I may be wrong, but meowlulzcat showed me the URL and I think I found an issue with it. Like I said, I thought you had to use authentication with OAuth, and wtf, who lets you grab a valid Facebook username? Jesus, isn't that private?

And fuck, if you need an email to login I would just concatenate the known email providers such as @yahoo.com, @gmail.com, @aol.com, etc.
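
On the defending side, the ID walking described in the post shows up in request logs as one client fetching many distinct numeric IDs in a short time. The following is an added example, not part of the original post or any Facebook code, that flags this pattern over constructed log lines; the log format, the thresholds and the function name are assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed log format: "<epoch seconds> <client ip> GET /<numeric id>"
LINE = re.compile(r"^(\d+) (\S+) GET /(\d+)$")

# Constructed sample traffic (documentation IP ranges, not real data).
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.7 GET /{4 + i}" for i in range(8)]         # walks IDs 4..11 in 8 s
    + [f"{1000 + 20 * i} 198.51.100.20 GET /4" for i in range(3)]      # one profile, reloaded
    + [f"{1000 + 100 * i} 192.0.2.9 GET /{50 + i}" for i in range(6)]  # 6 IDs over ~10 minutes
)

def find_enumerators(log_text, window=60, max_distinct=5):
    """Return {client: peak distinct IDs seen in any `window` seconds}
    for clients whose peak exceeds `max_distinct`.
    Assumes each client's lines appear in time order."""
    recent = defaultdict(deque)  # client -> (timestamp, object id) inside the window
    peak = defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore malformed lines and non-ID paths
        ts, client, obj_id = int(m.group(1)), m.group(2), int(m.group(3))
        q = recent[client]
        q.append((ts, obj_id))
        # Drop requests that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        # Count distinct IDs, so reloading one object never trips the alert.
        peak[client] = max(peak[client], len({i for _, i in q}))
    return {c: n for c, n in peak.items() if n > max_distinct}

if __name__ == "__main__":
    for client, n in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {n} distinct IDs within 60 s")
```

The same per-client counter can back a rate limit on unauthenticated ID lookups instead of only an alert.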
