CSRF worm
XSS worm
Comments
- Facebook once again failed to protect against a simple XSS flaw, this time in their mobile site redirect script. It looks as though their mobile site needs some attention - it was already exploited a few weeks ago. Come on, how many of these are still hiding in the FB code? This is basic stuff!
- The demonstrated Proof of Concept attacks are state-of-the-art. Well commented, realistic, well thought out. Congratulations to @johnjean! Especially for preparing a full-blown XSS attack and not leaving it at a dull and hermetic alert('XSS') and the like. As a side note: if you want to demonstrate the XSS quickly and make it interesting for the viewers - using the JavaScript Asteroids game is a great idea!
Disclosure after disclosure, XSS PoCs are getting more advanced - and it's good, because the effect of XSS flaws on sites is devastating and we need to capture the attention of the common users. This time the story is simple for them - once you click on a webpage, you lose your Facebook online credibility, just because there was an XSS flaw on a single page. And the flaw was active for months!
- Take a look at the code of the exploit for the CSRF flaw (1st video) - it's really an easy way of performing automatic multi-step exploitation. The script for harvesting FB data is also interesting (the source for it has not been revealed).
- I still cannot believe that Facebook allowed changing a user's e-mail address without asking for his password first. It really is a fundamental flaw. Shame on you, FB.
I'm really looking forward to what @johnjean might come up with in the future.
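The e-mail change point above, seen from the defender's side, as an added example (not code from this post, from Facebook, or from the PoC author): a handler that demands both a session-bound CSRF token and the current password before it changes the address. The in-memory stores, function names and form field names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores; a real application uses its database and session layer.
USERS = {}     # user_id -> {"email", "salt", "pw_hash"}
SESSIONS = {}  # session_id -> {"user_id", "csrf_token"}

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(user_id, email, password):
    salt = secrets.token_bytes(16)
    USERS[user_id] = {"email": email, "salt": salt,
                      "pw_hash": hash_password(password, salt)}

def login(user_id, password):
    """Return a new session id, or None if the credentials are wrong."""
    user = USERS.get(user_id)
    if user is None or not hmac.compare_digest(
            hash_password(password, user["salt"]), user["pw_hash"]):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user_id": user_id, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def change_email(session_id, form):
    """Handle a POST to the (hypothetical) e-mail change endpoint."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "not logged in"
    # 1. CSRF check: a forged cross-site request rides on the session cookie
    #    but cannot read the token bound to that session.
    if not hmac.compare_digest(form.get("csrf_token", "").encode(),
                               session["csrf_token"].encode()):
        return 403, "bad CSRF token"
    # 2. Re-authentication: script injected into the page (XSS) can read the
    #    CSRF token, but it does not know the account password.
    user = USERS[session["user_id"]]
    supplied = hash_password(form.get("current_password", ""), user["salt"])
    if not hmac.compare_digest(supplied, user["pw_hash"]):
        return 403, "current password required"
    new_email = form.get("new_email", "")
    if "@" not in new_email:
        return 400, "invalid e-mail address"
    user["email"] = new_email
    return 200, "e-mail changed"
```
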
1 comment:
Again, several errors made at a serious flaw. Very nice:}