
Another OAuth vulnerability allowed hijacking of Facebook accounts

Just a few weeks ago Nir Goldshlager disclosed an OAuth vulnerability in Facebook. Security researcher Amine Cherrai has now found a similar vulnerability in Facebook that allowed an attacker to obtain the access_token, with full permissions, of any Facebook account.

"As you may know, last month Facebook closed many bugs, leading to a security reinforcement of the 'redirect_uri' parameter to prevent hijacking attacks. One of these reinforcements was rejecting every 'redirect_uri' that has '#' or '#!'," the researcher wrote in his blog.

"While I was looking in the Facebook JavaScript SDK I found something strange: I found that it uses http://static.ak.facebook.com/connect/xd_arbiter.php?version=21#channel=f876ddf24&origin=http://localhost&channel_path=/oauth/PoC_js/?fb_xd_fragment#xd_sig=f3adf0e04c& as a redirect_uri and it's not rejected... So I said let's use it too!!!"

Amine successfully built a PoC that redirects to another Facebook page with the access token, but he ran into problems when redirecting to an external website.

Nir Goldshlager helped Amine by suggesting that he redirect to a Facebook application, which in turn redirects to the external website, instead of redirecting to the external website directly. Following Nir Goldshlager's advice, he managed to construct a final working redirect_uri.
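The core of both OAuth posts on this page is how the authorization server decides whether a redirect_uri is acceptable. The page does not say what check Facebook actually ran, so the "loose" policy below is a constructed illustration of host-level trust, contrasted with exact-match validation against the URIs a client registered; the registered URI and client are assumptions, and this is added example code, not the researcher's or Facebook's.

```python
from urllib.parse import urlsplit

# Constructed sample input: the redirect_uri quoted in the post above.
XD_ARBITER_URI = (
    "http://static.ak.facebook.com/connect/xd_arbiter.php?version=21"
    "#channel=f876ddf24&origin=http://localhost"
    "&channel_path=/oauth/PoC_js/?fb_xd_fragment#xd_sig=f3adf0e04c&"
)

# Assumed registration data for a hypothetical third-party client.
REGISTERED_REDIRECT_URIS = {"https://app.example.com/oauth/callback"}
FIRST_PARTY_SUFFIX = ".facebook.com"


def loose_redirect_check(redirect_uri: str) -> bool:
    """Hypothetical weak policy: any URL on a first-party host is trusted,
    whatever its path, query or fragment. Illustration only, not the check
    Facebook actually used."""
    host = urlsplit(redirect_uri).hostname or ""
    return host.endswith(FIRST_PARTY_SUFFIX)


def strict_redirect_check(redirect_uri: str, registered: set) -> bool:
    """Defensive policy: reject any fragment or non-https URI, then require
    an exact string match against the client's registered redirect URIs.
    A first-party relay page such as xd_arbiter.php is never registered for
    a third-party client, so it fails without needing a '#' blocklist."""
    if "#" in redirect_uri:
        return False
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return redirect_uri in registered


def evaluate(redirect_uri: str) -> dict:
    """Return both verdicts so the gap between the two policies is visible."""
    return {
        "loose": loose_redirect_check(redirect_uri),
        "strict": strict_redirect_check(redirect_uri, REGISTERED_REDIRECT_URIS),
    }


if __name__ == "__main__":
    for uri in (XD_ARBITER_URI, "https://app.example.com/oauth/callback"):
        print(uri[:60], evaluate(uri))
```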


PoC video



Facebook has learnt from its previous lessons and is now fixing vulnerabilities as soon as somebody reports them; this vulnerability has already been fixed.

How a researcher hacked Facebook OAuth to get full permissions on any Facebook account


Security researcher Nir Goldshlager has discovered a security flaw in Facebook that allowed him to take full control of any Facebook account.

Facebook uses OAuth to mediate between applications and Facebook users. Usually a user must approve an application's request before it can access their account, and a Facebook application may ask for a range of different permissions.

According to the researcher, the vulnerability gives full permissions (read inbox and outbox, manage pages, manage ads, read private photos and videos, etc.) over the victim's account.

"To make a successful attack, the victim needs to use a Facebook application (Texas Holdem Poker, Diamond Dash, etc.). These applications only have basic permissions. We can always change the scope of the application permissions and set a new permission, but this method is not powerful, because the victim needs to accept the new permissions of the app," the researcher said in his blog.

But the researcher discovered that there are built-in applications (Facebook Messenger, for example) that users never need to approve, and these applications have full control over your account.

PoC:

https://www.facebook.com/connect/uiserver.php?app_id=220764691281998&next=https%3A%2F%2Ftouch.facebook.com%2F%23~!%2Fapps%2Ftestestestte%2F&display=page&fbconnect=1&method=permissions.request&response_type=token


Demo:







Password reset vulnerability in Facebook allowed hackers to hijack accounts


Independent security researcher Sow Ching Shiong has discovered a serious password reset vulnerability in Facebook that allowed an attacker to change the password of a Facebook account.

Normally, a user is required to enter their current password before they can set a new one, to prevent an unauthorized person from changing the password without the user's knowledge.


However, the researcher found that an attacker could change a user's password without knowing the current one by visiting the URL "https://www.facebook.com/hacked", which automatically redirected to the compromised-account recovery page.


On that page, the attacker was simply prompted to enter and confirm a new password, without having to supply any other information.

Facebook's security team fixed the vulnerability after being notified by the researcher, and Sow Ching Shiong has been added to Facebook's white hats list (https://www.facebook.com/whitehat).

Nir Goldshlager found a vulnerability in Facebook's employee secure file transfer service

Web application pentester Nir Goldshlager has identified a security flaw in Facebook's employee secure file transfer service that allowed him to reset account passwords.

The secure file transfer service used by Facebook employees is provided by Accellion. Accellion had removed the registration page to prevent unauthorized users from creating accounts.

However, the researcher discovered that the registration page could still be reached by anyone who knew the exact direct location of the registration form.

After creating an account, he started analysing the service for security flaws and found a critical one. An HTML file, "wmPassupdate.html", is used for password recovery in Accellion Secure File Transfer.

Facebook Security Flaw

He identified that a base64-encoded referrer parameter is stored in the cookie. By changing the value of this parameter, he could change the password of any account.

Facebook and Accellion fixed the issue after being notified by the researcher. He also claimed to have reported 20+ different bugs in the Accellion Secure File Transfer service, all of which have been fixed.

The PoC for the vulnerability:


Facebook vulnerability allowed hackers to record video of a user and post it on his wall


A cross-site request forgery (CSRF) vulnerability in Facebook allowed an attacker to record video of a target user and post it on the victim's wall. The vulnerability was discovered by security researchers Aditya Gupta and Subho Halder of the XYSEC Team.

A malicious hacker could trick a user into silently recording their webcam video and publishing it to their Facebook wall, without the user even knowing about it.

The researchers demonstrate how an attacker could exploit this vulnerability in a YouTube video.

Four months after the researchers notified Facebook about the flaw, Facebook finally emailed them that their finding was eligible for a bug bounty of $2500, paid as a Facebook WhiteHat debit card.

PoC:

Facebook hack: vulnerability allows an attacker to launch a DoS attack against any user


Security expert Chris C. Russo has discovered a critical vulnerability in the Facebook Chat module that allows an attacker to launch a denial of service (DoS) attack against any Facebook user.

He found the flaw in 'www.facebook.com/ajax/mercury/send_messages.php', specifically in the parameter 'message_batch[0][body]', which has no limit on the number of characters that can be sent.

So an attacker can send an extremely long message that causes a DoS condition on the recipient's side. Since Facebook allows messages to be sent to almost any user, the attack can be launched against any user.

The researcher tested the flaw with three different test users. One user on a tablet said the tablet restarted and he could no longer open the Facebook app, since the chat log remained in place and crashed the app again on every launch.

"In order to prevent this, the length of that parameter should be analyzed *before* sending the information to the addressee user by the asynchronous connection," the researcher said.

"Personally I believe that there must be something wrong with XSRF tokens as well, because it would allow me to send several packets using the same token that I initially extracted; however, I couldn't [confirm] this information due to the ban prevention mechanism."

The researcher had notified Facebook six weeks earlier, but the Facebook team replied that there was no flaw, so he published the details on seclists.

In the past, he discovered a flaw in MSN Messenger that allowed an attacker to send a huge number of large packets, causing a denial of service.

Security flaw in Facebook exposes user phone numbers

Suriya Prakash, an Indian security researcher, has discovered a serious flaw in Facebook that allows scammers to obtain the phone numbers of millions of Facebook users.

If you are one of those people who proudly say "I made my number private, so I am safe", you should read this before celebrating.

Usually, users change the privacy settings in the "Contact info" section to hide their mobile number from others, but they fail to realize that another option still exposes the number.

In the "How You Connect" section there is an option "Who can look you up using the email address or phone number you provided?". By default, it is set to "Everyone".


This allows anyone to find a Facebook profile by entering a phone number. Legitimate users use the feature to find their friends on Facebook, but criminals can abuse it to obtain phone numbers and the corresponding usernames.

According to the researcher, a simple brute-force script can exploit this feature and save phone numbers along with usernames. Rate limiting on user lookups would prevent such a brute-force attack.

Unfortunately, the mobile version of Facebook fails to do that. To demonstrate the bug, he ran the script, extracted a number of phone numbers with usernames, and published a few of the extracted records.
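The fix the post calls for is a lookup rate limit that every front end shares, so the mobile site cannot bypass it. Below is an added example of such a limiter (not the researcher's script nor Facebook's code): a sliding-window budget per requester enforced inside the lookup service itself. The directory entries, the limit values and the requester identifiers are all constructed.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Optional

# Constructed directory of phone number -> username; every value is made up.
DIRECTORY = {
    "+15550100001": "alice.example",
    "+15550100002": "bob.example",
    "+15550100003": "carol.example",
}

# Hypothetical policy: at most MAX_LOOKUPS lookups per requester per window.
MAX_LOOKUPS = 5
WINDOW_SECONDS = 60.0


class RateLimited(Exception):
    """Raised when a requester has used up its lookup budget."""


class PhoneLookupService:
    """Profile lookup by phone number with a sliding-window limit that is
    enforced in the service itself, so web, m-site and mobile-app front
    ends all draw on the same budget and none of them can bypass it."""

    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._clock = clock                  # injectable for testing
        self._hits = defaultdict(deque)      # requester -> lookup timestamps

    def _consume(self, requester: str) -> None:
        now = self._clock()
        window = self._hits[requester]
        # Drop timestamps that have aged out of the window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_LOOKUPS:
            raise RateLimited(requester)
        window.append(now)

    def lookup(self, requester: str, phone: str) -> Optional[str]:
        """Return the username registered under `phone`, or None.
        A miss costs budget too, so probing unknown numbers is limited."""
        self._consume(requester)
        return DIRECTORY.get(phone)
```

In production the requester key would combine the account or session with the source address, and the budget would live in shared storage rather than process memory.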

He claimed that a large botnet with a better script could obtain the full list of usernames and phone numbers.

The researcher says he has contacted Facebook more than five times and provided all the details of the exploit in an attempt to get the flaw fixed, but since they have not acknowledged the existence of the bug, he decided to make everything public.

"So to protect yourself against this, change your settings to "My friends" and ask Facebook to provide an "Only me" option and make it the default setting for all users!" the researcher concluded in his post.

Vulnerability in the Facebook app for Android and iOS leads to identity theft


A new security vulnerability in the Facebook application for Android and iOS allows an attacker to steal your Facebook identity.

Gareth Wright, a UK-based app developer for Android and iOS, has identified a security vulnerability in the Facebook mobile application. The problem is that the app does not encrypt your login credentials, leaving them accessible to other malicious apps or over a USB connection.

He explained the hack in this blog post.

Facebook responded to the vulnerability disclosure by issuing the following statement:
"Facebook's iOS and Android applications are only intended for use with the manufacturer provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device.

"We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device."
This statement appears to say that only jailbroken devices are affected; TheNextWeb (TNW) says this is untrue: "Your Facebook app on iOS is absolutely vulnerable because using a tool like iExplore, which is what Wright used to perform his white label hack, does not require a jailbreak."

The researchers also discovered that the popular file-syncing app Dropbox exhibits the same vulnerability.