|Hacks|Crack|Tips |Tricks|Cracks |Programs|Tutorials |Movies|Games|


Thursday, September 27, 2012

Facebook URL Redirection Vulnerability | RFI

Friends, Recently I found a "Redirection Vulnerability" inside Facebook, However facebook refused to accept it as according to them the vulnerability targets very few people. This is what they replied:

Hi Wild Wings Hackers,

This endpoint contains a specialized parameter that limits its usage to a small number of computers and users, preventing it from being used as a completely open redirect. For more detailed background information, please see this note by one of the engineers on the product: http://www.facebook.com/notes/facebook-security/link-shim-protecting-the-people-who-use-facebook-from-malicious-urls/10150492832835766

Facebook Open Redirect Vulnerability

Affected Application : Main Website
Severity : Medium
Local/Remote : Remote
Vulnerable url : http://facebook.com/l.php?u= http://wildwingshackers.blogspot.in/ &sugexp=chrome,mod=9
& sourceid=chrome&ie=UTF-8&h=AAQGmYELO

Vulnerable URL:
www.facebook.com/l.php?u= http://wildwingshackers.blogspot.in/ &h=YAQH4kMuY&s=1

Discovered by: Rafay Baloch - [rafaybaloch(at)gmail(dot)com]


Due to a parameter filtering weakness any supplied input is accepted; as result redirects a user to the parameter value without any validation.

Note: This vulnerability works for only few users, It won't work for every one.

No comments:

Post a Comment