
Facebook Code Execution Bug Worth $40,000

Researcher finds a code execution bug on a Facebook server worth $40,000
A security researcher, Andrey Leonov, discovered a critical Remote Code Execution vulnerability on a Facebook server. The vulnerability stemmed from the ImageMagick "ImageTragick" bug, which was first disclosed in April 2016.

In his blog post, Andrey says he was testing another service (not Facebook) when one of its redirects took him to Facebook, specifically the 'Share on Facebook' dialog box.

When a user posts a link on Facebook, it fetches the URL and displays an image taken from the linked page. Looking deeper, he found that the `picture` parameter is itself a URL, even though there was no image URL in the page content. [See image below]

https://external.fhen1-1.fna.fbcdn.net/safe_image.php?d=AQDaeWq2Fn1Ujs4P&w=158&h=158&url=https%3A%2F%2Fwww.google.com%2Fimages%2Ferrors%2Frobot.png&cfs=1&upscale=1&_nc_hash=AQD2uvqIgAdXgWyb

This caught his attention and he started digging. Initially he had no success, and as a last resort he tried to exploit the ImageTragick vulnerability. That also failed at first, but after some work on his exploit he managed to trigger the issue: he confirmed it with a DNS record request, for which he received a valid response.

From this he worked out how the application was behaving, and he wrote:
  • It gets the `picture` parameter and requests it; this request is correct and not vulnerable
  • The received picture is passed to a converter instance that uses the vulnerable ImageMagick library
He then successfully exploited the bug to achieve code execution on the Facebook server. For this finding Facebook awarded him $40,000 under the company's Bug Bounty Program.
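The flaw described above is a fetched "picture" being handed straight to an ImageMagick converter. The gatekeeper below is an added example, not Facebook's code, of the check a fetcher should perform first: ImageMagick selects its coder from the file contents rather than the URL suffix or Content-Type, so only bytes carrying a known raster signature are allowed through to the converter. The sample inputs, `SAMPLES` and the size limit are constructed for illustration.

```python
"""Gatekeeper for a fetched 'picture' URL: allow only raster images by magic bytes.

Added example, not Facebook's code. A text-based MVG or SVG document served
under a name like "robot.png" would still be routed to ImageMagick's text
coders, so the fetched bytes are checked against an allowlist of raster
signatures before the converter ever sees them.
"""

# Raster formats a link preview actually needs, keyed by their magic bytes.
_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

def classify_image(data: bytes):
    """Return the raster format name for `data`, or None if unrecognised."""
    for sig, name in _SIGNATURES.items():
        if data.startswith(sig):
            return name
    return None

def is_safe_to_convert(data: bytes, max_bytes: int = 8 * 1024 * 1024) -> bool:
    """Decide whether fetched bytes may be handed to the image converter."""
    if not data or len(data) > max_bytes:   # empty or oversized: reject
        return False
    if classify_image(data) is None:        # not a recognised raster format
        return False
    # Text-based formats (MVG, SVG, MSL) never start with a raster signature,
    # so they are rejected above. A deployment should additionally ship a
    # restrictive ImageMagick policy.xml so those coders cannot load at all.
    return True

# Constructed sample inputs (not real Facebook traffic).
SAMPLES = {
    "png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    "svg": b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>',
    "mvg": b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n",
    "empty": b"",
}

def check_samples():
    """Run every sample through the gate; returns {name: allowed}."""
    return {name: is_safe_to_convert(blob) for name, blob in SAMPLES.items()}

if __name__ == "__main__":
    for name, allowed in check_samples().items():
        print(f"{name:6s} -> {'pass to converter' if allowed else 'reject'}")
```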
