Vcoderz Community


Google 09-03-2010 02:12 PM

Facebook XSS in the wild
 
Check this, it was found today:
http://www.facebook.com/photo_search...29946463714673

Now hackers can benefit from this to hijack accounts until Facebook fixes the bug.

SysTaMatIcS 09-03-2010 07:07 PM

So I can write whatever I want in this? Instead of heya, how can a hacker make use of this?
<script>alert('HEYYAAA')</script>




RUSSIAN 09-03-2010 07:36 PM

Replace it with any JS code you want.

Google 09-04-2010 01:57 AM

Quote:

Originally Posted by SysTaMatIcS (Post 221964)
So I can write whatever I want in this? Instead of heya, how can a hacker make use of this?
<script>alert('HEYYAAA')</script>




This HEYYAAA alert box is a proof of concept of the exploit. It means that you can inject JavaScript code on this page. Injecting JavaScript in the page means that you are able to steal other users' cookies. Stealing another user's cookie means you are able to impersonate that user and hijack his/her account.
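
Added example, not part of the original posts: the defensive side of the chain described above (reflected input, script execution, cookie theft), showing the search term reflected raw next to the encoded form, plus a session cookie that page script cannot read. The names `renderSearchPage`, `sessionCookie`, `responseHeaders` and the `sid` cookie are hypothetical and do not describe Facebook's code.

```javascript
// Added example (not from the thread). All function and cookie names here
// are hypothetical; the page being modelled is a generic search results page.

// Encode the five characters that let text break out of an HTML body or a
// quoted attribute context.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Builds the results page. With encode=false the search term is reflected
// raw (the bug class discussed above); with encode=true it is inert text.
function renderSearchPage(query, { encode }) {
  const shown = encode ? escapeHtml(query) : String(query);
  return `<h1>Results for ${shown}</h1>`;
}

// Session cookie header. HttpOnly hides the cookie from document.cookie, so
// injected script cannot read it; Secure and SameSite limit where it is sent.
function sessionCookie(sessionId) {
  return `sid=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Response headers for the page. A CSP without 'unsafe-inline' makes the
// browser refuse inline <script> even if encoding is missed somewhere.
function responseHeaders(sessionId) {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    'Set-Cookie': sessionCookie(sessionId),
  };
}

// Constructed input: the proof-of-concept string quoted in the thread.
const poc = "<script>alert('HEYYAAA')</script>";
console.log(renderSearchPage(poc, { encode: false })); // script tag survives
console.log(renderSearchPage(poc, { encode: true }));  // shown as plain text
console.log(responseHeaders('constructed-session-id'));
```

HttpOnly only protects the cookie value; script that does run can still act as the logged-in user within the page, so output encoding remains the primary fix.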

Google 09-06-2010 02:20 AM

This exploit is now fixed by the Facebook team.
"Whoever hit, hit, and whoever ran, ran" :p

Google 04-02-2011 05:20 AM

Another Facebook XSS found by me ;)
 
Video:

I reported this vulnerability to Facebook and xssed.com so it will soon be fixed. Enjoy for now ;)

SysTaMatIcS 04-03-2011 05:46 PM

lol get a job at fb, security counselor


All times are GMT +1.