Facebook Open Redirect Vulnerability

Junaid Hussain, an independent security researcher and the founder of illSecure.com, has identified an open redirect vulnerability in Facebook.
He reported the vulnerability to Facebook 2 months ago, but because it is a low-risk issue, Junaid decided to disclose it publicly. The vulnerability has not been fixed yet, but Facebook is working on a fix.
In this blog post he has published the full details, along with a video of the vulnerability.

Junaid added that “An attacker can add a random invalid value to the parameters ‘app_id’ and/or ‘client_id’ and then change the value of the parameter ‘redirect_uri’ and redirect Facebook users to malicious sites such as phishing sites or sites with malware.”
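
The server-side check that closes the kind of redirect described in the quote, shown next to a naive handler, as an added example (this is not Facebook's code and not from the researcher's post). The registry, the client id, the URLs and both function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed registry: client_id -> exact redirect URIs registered for that app.
REGISTERED = {
    "1234567890": {"https://app.example.com/oauth/callback"},
}

def naive_resolve(client_id, redirect_uri):
    """Hypothetical flawed handler: an invalid client_id is treated as an error
    to report back to the caller, so the browser is still sent to redirect_uri."""
    if client_id not in REGISTERED:
        return ("redirect", redirect_uri + "?error=invalid_client")
    return ("redirect", redirect_uri)

def safe_resolve(client_id, redirect_uri):
    """Redirect only for a registered (client_id, redirect_uri) pair.
    Every failure is rendered locally; redirect_uri is never followed."""
    allowed = REGISTERED.get(client_id)
    if allowed is None:
        # Without a valid client there is nothing to verify redirect_uri against.
        return ("error", "unknown client_id")
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return ("error", "malformed redirect_uri")
    if parts.scheme != "https" or not parts.netloc:
        return ("error", "redirect_uri must be an absolute https URL")
    # Exact string match: no prefix, suffix or substring comparison.
    if redirect_uri not in allowed:
        return ("error", "redirect_uri not registered for this client_id")
    return ("redirect", redirect_uri)

if __name__ == "__main__":
    cases = [
        ("1234567890", "https://app.example.com/oauth/callback"),
        ("00000bogus", "https://phish.example/login"),
        ("1234567890", "https://app.example.com.phish.example/oauth/callback"),
    ]
    for cid, uri in cases:
        print(cid, uri, naive_resolve(cid, uri)[0], safe_resolve(cid, uri))
```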


1 comment:

  1. This is not a vulnerability in Facebook. If the so-called researcher has any idea about how the Facebook platform works and behaves towards external URL calls, then he will know what shit he is talking about...
