Facebook API v2.1 - RFC6749 Open Redirect Vulnerability

Type vulnerlab
Reporter Vulnerability Laboratory [Research Team] - SaifAllah benMassaoud (http://www.vulnerability-lab.com/show.php?user=SaifAllahbenMassaoud ) ( facebook.com/WhiteHatSecuri )
Modified 2016-10-10T00:00:00


An open redirect vulnerability of the kind described in RFC6749 (the OAuth 2.0 open redirector threat) has been discovered in the Facebook API v2.1. The vulnerability allows a remote attacker to convince a user to click a link on a trusted domain that is specially crafted to take them to an arbitrary website; the target website could, for example, be used to serve malware.

The RFC6749 open redirect vulnerability is located in the response_type, client_id and redirect_uri parameters of the /oauth/authorize module. The request method used to exploit the vulnerability is GET, and the attack vector is located on the client side of the web application. The vulnerable code is located in v2.1 of the Facebook API. During exploitation the victim is redirected through the trusted Facebook authorization endpoint to an attacker-controlled site that can serve malware.

The security risk of the issue is estimated as medium with a CVSS (Common Vulnerability Scoring System) score of 3.2. Exploitation of the web vulnerability requires no privileged web-application user account and only low user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, and non-persistent external redirects to malicious sources.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] /oauth/authorize

Vulnerable Parameter(s):
[+] response_type
[+] client_id
[+] redirect_uri
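The check that closes this class of bug on an OAuth authorization endpoint, as an added example that is not Facebook's code: redirect_uri is accepted only when it exactly matches a URI pre-registered for the client_id, as RFC6749 requires, and a mismatch (or an unknown client_id) is answered in place instead of by redirecting. The client id, the registered URI and the returned authorization code are constructed placeholders.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Registered redirect URIs per client_id (constructed sample data; hypothetical client).
REGISTERED_REDIRECT_URIS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}


def canonical(uri: str) -> Optional[str]:
    """Normalise host case and the default https port; return None for anything
    that can never be an acceptable redirect target (non-https, fragment, userinfo)."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname or parts.fragment:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # "https://app.example.com@evil.example/" really points at evil.example
    port = parts.port  # raises ValueError for a non-numeric port
    netloc = parts.hostname.lower() + ("" if port in (None, 443) else f":{port}")
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{netloc}{parts.path or '/'}{query}"


def is_valid_redirect_uri(client_id: str, redirect_uri: str) -> bool:
    """RFC 6749 section 3.1.2: compare with the registered URI(s) by simple string
    comparison after normalisation. No prefix, substring or regex matching, which is
    exactly what turns an authorization endpoint into an open redirector."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id)
    if not registered:
        return False  # unknown client_id: never redirect anywhere
    try:
        requested = canonical(redirect_uri)
    except ValueError:
        return False
    return requested is not None and any(canonical(r) == requested for r in registered)


def authorize(client_id: str, response_type: str, redirect_uri: str) -> Tuple[int, str]:
    """Authorization-endpoint decision as (http_status, location_or_body). A bad client_id
    or redirect_uri is reported in place (RFC 6749 section 4.1.2.1); every other error
    may be reported via the now-validated redirect_uri."""
    if not is_valid_redirect_uri(client_id, redirect_uri):
        return 400, "invalid_request: redirect_uri does not match a registered URI"
    sep = "&" if "?" in redirect_uri else "?"
    if response_type not in ("code", "token"):
        return 302, f"{redirect_uri}{sep}error=unsupported_response_type"
    return 302, f"{redirect_uri}{sep}code=CONSTRUCTED_SAMPLE_CODE"
```

The rejected inputs in the test below are the usual ways a loosely matched redirect_uri slips past a prefix or substring check: a host that merely starts with the registered one, userinfo in front of the real host, a different scheme, and extra query or fragment data.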