Thread: Facebook 3rd Party App Installing Page UI Redressing Vulnerability

  1. #1

    Facebook 3rd Party App Installing Page UI Redressing Vulnerability

    #Title: Facebook 3rd Party App Installing Page UI Redressing Vulnerability
    #Author: Sandeep Kamble
    #Business Risk: Medium Risk
    #Attack Type: UI Redressing Vulnerability
    #Tested Browser: Firefox 3.6.27
    #OS: Win 7 / Linux
    #Reported Date: July 26, 2011


    Summary
    G'day! Recently, I submitted a UI Redressing Vulnerability to Facebook. The vulnerability enables an attacker to install any malicious 3rd party application into a victim's Facebook account.

    Overview
    Clickjacking (UI Redressing) is an exploit in which coding on a malicious website is hidden beneath apparently legitimate buttons.

    The strange part of this testing was that the Facebook 3rd party app installing page was already protected against the UI redressing vulnerability. The protection works perfectly on Chrome, Safari, IE and the new version of FF.

    But the Facebook 3rd party app installing page UI redressing failed to work on Firefox 3.6.27. So in Firefox 3.6.27 I perfectly iframed the page and made a perfect POC for the Facebook team.

    Code:
    Public POC :


    Special thanks to the FB team for fixing this bug! My team G4h

    Thanks
    [S] - Sandeep
    Last edited by [s]; 08-04-2012 at 10:12 AM.
    Garage4Hackers bugs for the community , of the community
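
The post reports protection that held in some browsers but not in Firefox 3.6.27. As an added example (not part of the original post, and not Facebook's implementation, which the post does not describe), this audits a response's anti-framing headers and reports separately whether browsers that honour only X-Frame-Options and browsers that honour CSP frame-ancestors are covered. The function names and sample headers are assumptions made for illustration.

```javascript
// Added example: audit a response's anti-framing headers (run with Node.js).
// Function names are hypothetical; the sample headers at the end are constructed.

// Return the frame-ancestors source list from a CSP header, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function auditFraming(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const findings = [];
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  const xfoOk = xfo === 'DENY' || xfo === 'SAMEORIGIN';
  if (!xfo) findings.push('no X-Frame-Options header');
  else if (!xfoOk) findings.push(`X-Frame-Options "${xfo}" is not DENY or SAMEORIGIN`);

  const fa = frameAncestors(h['content-security-policy']);
  // "*" or a bare scheme permits framing from any origin; an empty list means 'none'.
  const faOk = fa !== null && !fa.some((s) => s === '*' || /^https?:$/.test(s));
  if (fa === null) findings.push('no CSP frame-ancestors directive');
  else if (!faOk) findings.push('frame-ancestors allows arbitrary origins');

  return {
    // Browsers that honour only X-Frame-Options.
    legacyBrowsers: xfoOk,
    // When frame-ancestors is present, conforming browsers enforce it instead of XFO.
    modernBrowsers: fa !== null ? faOk : xfoOk,
    findings,
  };
}

// Constructed sample: protected only for browsers that understand frame-ancestors.
console.log(auditFraming({ 'Content-Security-Policy': "frame-ancestors 'self'" }));
```

A result with `modernBrowsers: true` and `legacyBrowsers: false` is the header-level analogue of what the post describes: protection that depends on which browser the victim is using.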

