That is why you don't work with fucking idiot wannabe vulnerability reseach groups like vulnerability labs ESPECIALLY when you have a fucking owner that comes from some shit-place country. Next time, report it yourself (grow some balls son), wait for the response, log every detail, wait for payment, then publish. Look at how lame these idiots are with thes "vulnerabilities": Lame as shit:
.fake as fuck (not even facebook attachments):
lame as shit (requires user-interaction it's somehow an open url redirect exploit lol):
.A team made of clowns, for clowns.