Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Facebook XSS vulnerability
Posted by: acidburn
Date: July 28, 2007 05:27PM

I did manage to find a Facebook vulnerability that let me put executable code in a profile. And then, you know.....hidden iframes ftw. :)

Since it's for a school project I put together a full writeup of how it works, although I omit the location of the actual vulnerability. (I e-mailed Facebook and they responded saying thanks but they still haven't fixed it yet, so I'll give them a few days.)

full writeup: http://www.cs.virginia.edu/felt/fbook/facebook-xss-censored.pdf

webpage with a brief explanation and video: http://www.cs.virginia.edu/felt/fbook

Re: Facebook XSS vulnerability
Posted by: rsnake
Date: July 30, 2007 03:13PM

Nice writeup - so what sort of class was this for? What was the assignment?

- RSnake
Gotta love it. http://ha.ckers.org

Re: Facebook XSS vulnerability
Posted by: acidburn
Date: August 09, 2007 10:28AM

It's for my senior thesis. I'm looking at the inherent flaws in the mashup model...there's nothing between full isolation (iframe) and full trust (inline code). So, you know, people choose full trust so that they can maintain communication and then defensive design goes out the window.

Facebook doesn't seem to have taken this seriously...they haven't bothered to patch it. This is frustrating. It could be used for a worm, highly sophisticated phishing attacks, sending yourself hundreds of dollars of Facebook gifts...
