[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Facebook Open_Redirector/Broken_Authentecation exploit

[ 0Day-ID-21558 ]
Full title
Facebook Open_Redirector/Broken_Authentecation exploit [ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.

Price: 10
Date add
Category
Platform
Verified
Price
 
0.007 BTC

 
699 USD
Risk
[
Security Risk High
]
Rel. releases
Description
This exploit includes two vulnerabilities at Facebook:
1- An Open Redirector at the mobile domain (m.facebook.com) which is hard to detect due to its special mechanism and harder to get fixed fully because it requires an non simple change at the platform to get fully patched and it could be exploited against all Facebook users.
2- An Authentication(OAuth) Flaw that allows you to get full permissions of an application which a facebook user uses by hijacking its access_token value under a HTTP connection with the help of a MITM(Man In The Middle) attack and that allows you to get private information(like messages, emails, phones, posts and anything else) and Change his account configuration and take control of his account but that depends on the permissions of the application itself.
-=-=-=-=-=-=-=-=-=-=-=-
#these two vulnerabilities could be exploited to work together or separately. Concerning The Open Redirector if the user clicked the redirection link while he isn't logged in to facebook a login page(form) will appear and as soon as he enters his login data he will get redirected to the url.
and concerning the authentication flaw (you need to know any application of the applications which the targeted user use to get its permissions (access_token) or we can try a popular application like skype or ask.fm app but we can't use the official apps like Facebook Messenger..)>
#Can't explain more about them otherwise they would be public!
Vendor
www.facebook.com
Tested on
Any Platform,Browser
Solution
NONE
Prooves Information
Proof imgs
Other Information
Abuses
0
Comments
1
Views
17 183
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!
Please login or register to buy exploit.
OR
Buy incognito
1
0
Verified by 0day Admin
Verified by 0day Admin
This material is checked by Administration and absolutely workable.
Learn more about    GOLD:
0day.today Gold is the currency of 0day.today project and is denoted on this site as such image: . It used for paying for the services, buying exploits, earning money, etc
We accept:
BitCoin (BTC)
You can pay us via BTC
LiteCoin (LTC)
You can pay us via LTC
Ethereum (ETH)
You can pay us via ETH

Author
BL
29
Exploits
1
Readers
0
[ Comments: 1 ]
Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.

Login or register to leave comments