Date: Mon, 17 Jun 2013 12:53:20 +0530
From: Arul Kumar <arul.xtronix@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Facebook Open URL Redirection Vulnerability 2013

Description:
[#] Title     : Facebook Open URL Redirection Vulnerability 2013
[#] Status    : Unfixed
[#] Severity  : High
[#] Works on  : Any browser with any version
[#] Homepage  : www.facebook.com
[#] Author    : Arul Kumar.V
[#] Email     : arul.xtronix@...il.com

I have found Open URL Redirection Vulnerabilities in Facebook's
dialogs such as "Option Dialog", "Friends Dialog" and "OAuth Dialog". This
vulnerability is exploitable against all users who are signed into
Facebook.

Impact of Vulnerability:
1. The user may be redirected to an untrusted page that contains
malware, which may then compromise the user's machine.

2. The user may be subjected to phishing attacks by being redirected
to an untrusted page.

3. This bug applies to any user who is signed in, and it works in any
browser with any version.

Vulnerable Dialogs:
Option Dialog  : (/dialog/optin)
OAuth Dialog   : (/dialog/oauth)
Friends Dialog : (/dialog/friends)

Source:
https://vimeo.com/68469298
http://www.securitytube.net/video/7787

If you need more details about this bug, visit my Blogspot blog, where I
have explained this bug in brief:
http://arulxtronix.blogspot.in/2013/06/facebook-open-url-redirection_3515.html

Proof Of Concept:

If any signed-in Facebook user clicks any one of the following links, they
will be redirected to our desired pages. URL shorteners can be used
to mask malicious links.

Note: You must be signed into a Facebook account for the redirects to work.

Vulnerable URLs:
Once again I am reminding you: you must be signed into a Facebook
account for the redirects to work.

1) Using "next" Parameter:
https://www.facebook.com/dialog/optin?app_id==&next=http://google.com

https://www.facebook.com/dialog/oauth?app_id==&next=http://yahoo.com

https://m.facebook.com/dialog/friends?app_id==&next=http://bing.com

2) Using "redirect_uri" Parameter:
https://www.facebook.com/dialog/optin?app_id==&redirect_uri=http://google.com

https://www.facebook.com/dialog/oauth?app_id==&redirect_uri=http://yahoo.com

https://m.facebook.com/dialog/friends?app_id==&redirect_uri=http://bing.com

3) Phishing demo:
www.facebook.com/dialog/optin?app_id==&next=http://fbnew.t15.org

Thank You,
Arul Kumar.V
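
As an added example from the defender's side (not Facebook's code and not the author's), the following Python shows how a dialog endpoint can restrict a `next`/`redirect_uri` parameter to hosts registered for the requesting app instead of accepting any absolute URL; the app id, registered host and fallback URL are constructed placeholders.

```python
"""Allowlist check for a ``next`` / ``redirect_uri`` style parameter.

Added example, not Facebook's code: the dialog endpoints in the advisory
honour an arbitrary absolute URL in ``next``/``redirect_uri``; the fix is
to accept the parameter only when it points at a host registered for the
application, and fall back to a known-good page otherwise.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed registry of redirect hosts per application (placeholder values).
REGISTERED_HOSTS = {
    "app-1234": {"app.example.test"},
}


def is_safe_redirect(raw, app_id, registry=REGISTERED_HOSTS):
    """Return True only if ``raw`` is an https URL whose host is registered for app_id."""
    if not raw or not app_id:
        return False
    # Some browsers treat backslashes as slashes; reject them before parsing so
    # "https:\\other.host" cannot slip through as a relative path.
    if "\\" in raw:
        return False
    parts = urlsplit(raw)
    # Scheme-relative "//host" and plain http both fail this check.
    if parts.scheme.lower() != "https":
        return False
    # Reject userinfo tricks such as https://app.example.test@other.host/.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower()
    return host in registry.get(app_id, set())


def resolve_redirect(raw, app_id, fallback="https://www.example.test/"):
    """Return ``raw`` (normalised, fragment dropped) if allowed, else the fallback."""
    if not is_safe_redirect(raw, app_id):
        return fallback
    s = urlsplit(raw)
    return urlunsplit((s.scheme.lower(), s.netloc, s.path or "/", s.query, ""))


if __name__ == "__main__":
    # The advisory's own redirect targets are rejected: none is registered.
    for target in ("http://google.com", "http://yahoo.com", "http://bing.com"):
        print(target, "->", resolve_redirect(target, "app-1234"))
    print(resolve_redirect("https://app.example.test/cb?x=1", "app-1234"))
```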

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/