Saturday, October 19, 2013

Facebook Open URL Redirection 2013



Hi, everyone. Today I'm going to disclose my Facebook bug to the public. I found this bug on 11 September 2013, but I was disappointed to hear from Facebook Security ("Emrakul") that a previous reporter had reported it before me. :( But they have fixed the vulnerability, so I'm going to disclose it.
Description:
Title       : Open URL Redirection
Status      : Fixed
Severity    : Low
Works on    : Any browser, any version

The redirect lives in the redirect_uri parameter of the "/dialog/feed/" endpoint on www.facebook.com (and on the m., touch. and beta. hosts): whatever URL is supplied there is followed without being checked against Facebook's own hosts.
1. The user may be redirected to an untrusted page that serves malware,
which may then compromise the user's machine.
 
2. The user may be subjected to phishing by being redirected to an
untrusted page that imitates Facebook, having arrived there from a genuine facebook.com link.
 
3. The redirect fires for any user who is signed in to Facebook.
Repro:
If any signed-in Facebook user clicks one of the following links, they are redirected to the
page of our choosing. URL shorteners can be used to mask the malicious link.
Note: the victim must be signed into a Facebook account for the redirect to happen.
 
VULNERABLE URLs
 
https://www.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http%3A%2F%2Fgoogle.com&display=touch&from_post=1
 
https://m.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http://google.com&display=touch&from_post=1
 
https://touch.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http://google.com&display=touch&from_post=1
 
https://beta.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http://google.com&display=touch&from_post=1
 
Deleting the value "AQCRqLbh" after "fb_dtsg=" and the value "%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84" after "charset_test=" makes no difference: the redirect still works, so the redirect_uri value alone is what matters.
 
Replace http://google.com with the attacker-controlled URL.
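To make the bug and its fix concrete, here is an added example (my code, not the post's and not Facebook's) that parses redirect_uri out of the PoC URLs above and shows the unvalidated behaviour the post describes next to a hardened check. The allowlist ALLOWED_HOSTS, the fallback URL and the function names are assumptions for the example; the sample URL is the post's first PoC joined back onto one line.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist for the example: the only hosts the fixed handler may send
# a user to.  Exact hostnames, never substring or prefix matches.
ALLOWED_HOSTS = {"www.facebook.com", "m.facebook.com",
                 "touch.facebook.com", "beta.facebook.com"}
SAFE_FALLBACK = "https://www.facebook.com/"  # assumed landing page on rejection


def extract_redirect_uri(url):
    """Return the redirect_uri parameter of a /dialog/feed/ URL, or None.

    The post's PoC URLs append the parameters straight after /dialog/feed/
    with no '?', so urlsplit leaves them in the path; handle both shapes.
    """
    parts = urlsplit(url)
    query = parts.query
    if not query:
        eq = parts.path.find("=")
        if eq != -1:
            # take everything from the last '/' before the first '=' onwards
            query = parts.path[parts.path.rfind("/", 0, eq) + 1:]
    values = parse_qs(query).get("redirect_uri")
    return values[0] if values else None


def vulnerable_redirect(url):
    """What the post describes the 2013 endpoint doing: redirect wherever
    redirect_uri points, with no validation.  Returns the Location sent."""
    return extract_redirect_uri(url) or SAFE_FALLBACK


def safe_redirect_target(redirect_uri):
    """Hardened check: allow a same-site relative path, or an https URL whose
    hostname is exactly in ALLOWED_HOSTS.  Everything else goes to the fallback."""
    if not redirect_uri:
        return SAFE_FALLBACK
    if redirect_uri.startswith("/"):
        # '//host' and '/\host' are scheme-relative in browsers, i.e. off-site.
        if redirect_uri.startswith(("//", "/\\")):
            return SAFE_FALLBACK
        return redirect_uri
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https":          # rejects http:, javascript:, data:, ...
        return SAFE_FALLBACK
    # Browsers treat '\' as '/' in http(s) URLs but urlsplit does not, so
    # "https://google.com\@www.facebook.com/" would parse as our host while the
    # browser goes to google.com.  Reject backslashes and any userinfo outright.
    if "\\" in parts.netloc or parts.username is not None:
        return SAFE_FALLBACK
    if parts.hostname not in ALLOWED_HOSTS:  # also kills www.facebook.com.evil.com
        return SAFE_FALLBACK
    return redirect_uri


def fixed_redirect(url):
    """The same endpoint with redirect_uri validated before use."""
    return safe_redirect_target(extract_redirect_uri(url))


# Constructed input: the post's first PoC URL, joined back onto one line.
POC_URL = ("https://www.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test="
           "%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84"
           "&error_ok=Okay&_path=feed%2F&redirect_uri=http%3A%2F%2Fgoogle.com"
           "&display=touch&from_post=1")

if __name__ == "__main__":
    print("vulnerable ->", vulnerable_redirect(POC_URL))  # http://google.com
    print("fixed      ->", fixed_redirect(POC_URL))       # https://www.facebook.com/
```

The check compares the parsed hostname against a fixed set rather than testing whether the string contains "facebook.com", which is the usual way such fixes get bypassed (www.facebook.com.evil.com, user@host tricks, backslash confusion between the server's parser and the browser's).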

This is the original reply I received from Facebook Security:

Hi,
 
We're already aware of this issue because a previous reporter sent this in to us. 
We're working to fix it but we won't be able to reward you. We appreciate you taking the time 
to find and send this our way.
 
Thanks,
 
Emrakul
Security
Facebook
 
-----Original Message to Facebook-----
From: xxxxx@hotmail.com
To: 
Subject: Site redirection vulnerability
 
Name: xxxxxxxxxxxx
E-Mail: xxxxxx@hotmail.com
Type: open_redirect
Scope: www
