thn | Mohit Kumar | THN:A851BE0EE343F8CF3C27253D0922C227
History | Apr 17, 2013 - 4:49 a.m.

Hacking Facebook users just from chat box using multiple vulnerabilities

2013-04-17 04:49:00
Mohit Kumar
thehackernews.com

Nir Goldshlager, Founder/CEO at **Break Security**, known for finding serious flaws in Facebook, is once again on **The Hacker News** to share his new finding, i.e. Stored Cross-site Scripting (XSS) in Facebook Chat, Check-In and Facebook Messenger.

Stored Cross-site Scripting (XSS) is the most dangerous type of Cross-site Scripting. It affects web applications where the injected code is permanently stored on the target servers, such as in a database, a message forum, a visitor log, a comment field, etc.

**1.) Stored XSS In Facebook Chat:** This vulnerability can be used to conduct a number of browser-based attacks, including hijacking another user’s browser, capturing sensitive information viewed by application users, and having malicious code executed by the user’s browser.

When a user starts a new message within Facebook that has a link inside, a preview GUI shows up for that post. The GUI presents the link post using parameters, i.e. `attachment[params][title]` and `attachment[params][urlInfo][final]`, which were not actually filtered for valid links by Facebook.

For proof of concept, Goldshlager exploited this flaw in such a way that each time the victim clicks on the malicious message in Facebook Chat, the Stored XSS begins to run on their client.

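A defensive sketch of the check the Chat finding says was missing, as an added example (not Facebook's code and not from the original article): accept the link target only if it is an absolute http(s) URL, and HTML-escape the title before rendering the preview. The function names and the object shape, modeled on `attachment[params][title]` and `attachment[params][urlInfo][final]`, are assumptions.

```javascript
// Added example: hypothetical server-side checks for a link-preview attachment.
// The object shape mirrors attachment[params][title] and
// attachment[params][urlInfo][final] from the article; everything else is assumed.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape the five characters that matter in HTML text and quoted attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Return a normalized absolute http(s) URL, or null if the value is not one.
function validateLink(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw.trim()); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // rejects javascript:, data:, ...
  if (url.username || url.password) return null;       // no credentials in previews
  return url.href;
}

// Build preview markup, or return null so the caller drops the attachment.
function renderPreview(params) {
  const href = validateLink(params?.urlInfo?.final);
  if (href === null) return null;
  const title = escapeHtml(params?.title ?? href);
  return `<a class="preview" rel="noopener noreferrer" href="${escapeHtml(href)}">${title}</a>`;
}

// Constructed sample inputs (not taken from the original report).
const samples = [
  { title: "Example", urlInfo: { final: "https://example.com/a?b=1&c=2" } },
  { title: "<img src=x onerror=alert(1)>", urlInfo: { final: "https://example.com/" } },
  { title: "Click", urlInfo: { final: "javascript:alert(1)" } },
  { title: "Click", urlInfo: { final: " JaVaScRiPt:alert(1)" } },
];
for (const s of samples) console.log(renderPreview(s));
```

Validation runs when the message is stored, and escaping runs again at render time, so a value that reached storage before the check existed is still displayed as inert text.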

**2.) Stored XSS In Facebook Check-In:** The other major and interesting Stored XSS that Nir reported is in the Facebook Check-In screen. To exploit this loophole, the attacker first needs to construct a new location within Facebook Pages and then must change the settings of that new location. When the victim later decides to go to the place the attacker has been, a Stored XSS will run client-side.

**3.) Stored XSS In Facebook Messenger (Windows):** The third serious flaw in Facebook allows injecting a Stored XSS payload into Facebook Messenger for Windows. Any time the victim signs in to their account in Messenger, the Stored XSS code will execute on the victim’s end.


The bugs were reported to Facebook last month by Nir and have already been patched by the Facebook security team.

Old findings by Nir:

  1. Facebook OAuth flaw allows gaining full control over any Facebook account
  2. Facebook hacking accounts using another OAuth vulnerability
  3. URL Redirection flaw in Facebook apps push OAuth vulnerability again in action