13 March 2013

Facebook OAuth Vulnerability


If anyone remembers the last OAuth flaw in Facebook, reported by white-hat hacker Nir Goldshlager: it allowed an attacker to hijack any account without the victim interacting with any Facebook application. After that, the Facebook security team fixed the issue with some minor changes. Yesterday Goldshlager once again pwned the Facebook OAuth mechanism by bypassing all of those minor changes made by the Facebook team. He explains the complete saga of hunting this Facebook bug in a blog post, so do go and read it.

What is OAuth Vulnerability?

The OAuth URL contains two parameters, redirect_uri and next, and after the last patch the Facebook team tried to secure them with regex protection (blocking patterns such as %23xxx!, %23/xxx and /).

In practice he used the facebook.com/l.php file (used by Facebook to redirect users to external links) to redirect victims to his malicious Facebook application and then on to his own server, where the token values are stored. Tokens are an alternative way to access any Facebook account without the password.

But a warning message shown while redirecting ruined the show! No worries: he found that adding 5 bytes of data to the redirection URL bypasses this warning message.


Example: https://www.facebook.com/l/goldy;touch.facebook.com/apps/sdfsdsdsgs (where 'goldy' is the 5 bytes of data used).


In the last step he redirects the victim to an external website on files.nirgoldshlager.com (the attacker's server) via the malicious Facebook app he created, and the victim's access_token is logged there as well. So here is the final POC that can hack any Facebook account by exploiting another Facebook OAuth bug, and more besides.


For browsers:
https://www.facebook.com/connect/uiserver.php?app_id=220764691281998&next=https://facebook.facebook.com/%23/x/%23/l/ggggg%3btouch.facebook.com/apps/sdfsdsdsgs%23&display=page&fbconnect=1&method=permissions.request&response_type=token
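To show what the bypass above gets past and what a fix looks like, here is an added, defender-side example (not from the post and not Facebook's code): a host-suffix redirect check beside a strict exact-match allowlist, both run against the POC's own `next` value. The registered redirect `https://app.example.com/oauth/callback` and all function names are constructed for this example.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed allowlist: the exact redirect targets a hypothetical app registered.
REGISTERED_REDIRECTS = {"https://app.example.com/oauth/callback"}

# The authorization URL from the post's proof of concept, and its "next" value.
POC_URL = ("https://www.facebook.com/connect/uiserver.php?app_id=220764691281998"
           "&next=https://facebook.facebook.com/%23/x/%23/l/ggggg%3btouch.facebook.com"
           "/apps/sdfsdsdsgs%23&display=page&fbconnect=1&method=permissions.request"
           "&response_type=token")
POC_NEXT = ("https://facebook.facebook.com/%23/x/%23/l/ggggg%3b"
            "touch.facebook.com/apps/sdfsdsdsgs%23")
LEGIT_NEXT = "https://app.example.com/oauth/callback"

def next_param_of(oauth_url: str) -> str:
    """Extract the percent-decoded 'next' parameter from an authorization URL."""
    return parse_qs(urlsplit(oauth_url).query).get("next", [""])[0]

def naive_is_allowed(next_url: str, trusted: str = "facebook.com") -> bool:
    """Host-suffix check only (constructed, not Facebook's code). Anything under the
    trusted domain passes, whatever its path, fragment or encoded ';' carries."""
    host = (urlsplit(next_url).hostname or "").lower()
    return host == trusted or host.endswith("." + trusted)

def check_redirect(next_url: str) -> str:
    """Strict exact-match validation. Returns 'ok' or the reason for rejection."""
    decoded = unquote(next_url)
    if unquote(decoded) != decoded:
        return "double-encoded"      # %2523 -> %23 -> '#': reject layered encoding
    parts = urlsplit(decoded)
    if parts.scheme != "https":
        return "scheme"
    if "#" in decoded:
        return "fragment"            # '#' lets the page hash smuggle a chained target
    if ";" in parts.netloc or ";" in parts.path:
        return "semicolon"           # the post's 'goldy;' 5-byte separator trick
    if parts.query or parts.username:
        return "query-or-userinfo"
    canonical = f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"
    return "ok" if canonical in REGISTERED_REDIRECTS else "not-registered"

def strict_is_allowed(next_url: str) -> bool:
    return check_redirect(next_url) == "ok"

if __name__ == "__main__":
    for label, url in (("poc", POC_NEXT), ("legit", LEGIT_NEXT)):
        print(label, naive_is_allowed(url), check_redirect(url))
```

The suffix check accepts the POC because `facebook.facebook.com` ends in the trusted domain; the allowlist rejects it on the first `#` before any host comparison happens.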

Latest news: this bug was also reported to the Facebook security team last week by Nir Goldshlager and has now been fixed. Thanks!



