When I took a closer look at the source code I found a link which appears like
https://www.facebook.com/photo.php?fbid=16010056615656&set=a.1381885332092249.1073741826.10000745651651&type=1&makeprofile=1&profile_id=10000745651651&pp_source=timeline
It was a URL I mean is a URL :P So , I tried on the URL in a new tab then it appeared like (still appears).
To my goodness I could see the window that appears when we change the profile picture . I clicked on save then my profile picture was successfully changed. Now , what I am gonna show you is to create a malicious link that changes others profile picture . You need to send the link to the victim and if the victim clicks the link then the above like screen appears , if by mistake h/she clicks on save then you are lucky ;)
The above URL https://www.facebook.com/photo.php?fbid=161561651456515&set=a.1381885332092249.1111165165165.1012222222464654&type=1&makeprofile=1&profile_id=1012222222464654&pp_source=timeline
consists of mainly two parts (to stick to the topic here) ; Facebook id and Facebook picture id .You can clearly see the number after fbid= . That is the Facebook picture id , you can get your picture id by clicking on any image . You can see a number after fbid= that is Facebook picture id . You can get Facebook id of that user by clicking on one of his pictures and notice the URL at the end of the URL you will see a long number like above we got 10000745651651 . These numbers are the parameters behind this trick . Next what you have to do is ;) Replace those Facebook picture id and Facebook id by the Facebook id of the victim and the picture id you want to make him/her profile picture and send the link to the victim.
https://www.facebook.com/photo.php?fbid=pictureid&set=a.1381885332092249.1073741826.userid&type=1&makeprofile=1&profile_id=userid&pp_source=timeline
Replace userid with the facebook user id you have tracked and pictureid with the id of the picture .
;)
