0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Facebook Open_Redirector/Broken_Authentecation exploit
[ 0Day-ID-21558 ]
Full title
Facebook Open_Redirector/Broken_Authentecation exploit
[ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.
Price: 10
Price:
10Date add
Category
Platform
Verified
Price
0.011 BTC
699 USD
Risk
[Security Risk High
]Rel. releases
Description
This exploit includes two vulnerabilities at Facebook:
1- An Open Redirector at the mobile domain (m.facebook.com) which is hard to detect due to its special mechanism and harder to get fixed fully because it requires an non simple change at the platform to get fully patched and it could be exploited against all Facebook users.
2- An Authentication(OAuth) Flaw that allows you to get full permissions of an application which a facebook user uses by hijacking its access_token value under a HTTP connection with the help of a MITM(Man In The Middle) attack and that allows you to get private information(like messages, emails, phones, posts and anything else) and Change his account configuration and take control of his account but that depends on the permissions of the application itself.
-=-=-=-=-=-=-=-=-=-=-=-
#these two vulnerabilities could be exploited to work together or separately. Concerning The Open Redirector if the user clicked the redirection link while he isn't logged in to facebook a login page(form) will appear and as soon as he enters his login data he will get redirected to the url.
and concerning the authentication flaw (you need to know any application of the applications which the targeted user use to get its permissions (access_token) or we can try a popular application like skype or ask.fm app but we can't use the official apps like Facebook Messenger..)>
#Can't explain more about them otherwise they would be public!
1- An Open Redirector at the mobile domain (m.facebook.com) which is hard to detect due to its special mechanism and harder to get fixed fully because it requires an non simple change at the platform to get fully patched and it could be exploited against all Facebook users.
2- An Authentication(OAuth) Flaw that allows you to get full permissions of an application which a facebook user uses by hijacking its access_token value under a HTTP connection with the help of a MITM(Man In The Middle) attack and that allows you to get private information(like messages, emails, phones, posts and anything else) and Change his account configuration and take control of his account but that depends on the permissions of the application itself.
-=-=-=-=-=-=-=-=-=-=-=-
#these two vulnerabilities could be exploited to work together or separately. Concerning The Open Redirector if the user clicked the redirection link while he isn't logged in to facebook a login page(form) will appear and as soon as he enters his login data he will get redirected to the url.
and concerning the authentication flaw (you need to know any application of the applications which the targeted user use to get its permissions (access_token) or we can try a popular application like skype or ask.fm app but we can't use the official apps like Facebook Messenger..)>
#Can't explain more about them otherwise they would be public!
Vendor
www.facebook.com
Tested on
Any Platform,Browser
Solution
NONE
Prooves Information
Proof imgs
Other Information
Abuses
0
Comments
1
Views
17 041
We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!OR
1
0
Verified by 0day Admin
Verified by 0day Admin
This material is checked by Administration and absolutely workable.
This material is checked by Administration and absolutely workable.
Learn more about 
GOLD:
GOLD:
0day.today Gold is the currency of 0day.today project and is denoted on this site as such image: . It used for paying for the services, buying exploits, earning money, etc
. It used for paying for the services, buying exploits, earning money, etc
We accept:
BitCoin (BTC)
You can pay us via BTC
You can pay us via BTC
LiteCoin (LTC)
You can pay us via LTC
You can pay us via LTC
Ethereum (ETH)
You can pay us via ETH
You can pay us via ETH
[ Comments: 1 ]
Terms of use of comments:
- Users are forbidden to exchange personal contact details
- Haggle on other sites\projects is forbidden
- Reselling is forbidden
Login or register to leave comments
Login or register to leave comments