Facebook 3rd Part App Installing Page UI Redressing Vulnerability

[[s]]

#Title: Facebook 3rd Part App Installing Page UI Redressing Vulnerability
Author: Sandeep Kamble
#Business Risk : Medium Risk
#Attack Type: UI Redressing Vulnerability
#Tested Browser: Firefox 3.6.27
#OS: Win 7 / Linux
#Reported Date: July 26 , 2011


Summary
GDay ! Recently , I have submitted UP Redressing Vulnerability to Facebook. Vulnerability enables attacker to install any 3rd Party malicious application into victim Facebook account.

Overview
Clickjacking (UI Redressing )is an exploit in which coding on a malicious website is hidden beneath apparently legitimate buttons.

The strange part of this testing was Facebook 3rd party App installing page already protected for UI redressing vulnerability. The Protection is perfectly working on chrome , safari , IE & New Version of FF .

But Facebook 3rd party App installing page UI redressing failed to work on Firefox 3.6.27. So in Firefox 3.6.27 i perfectly iframed page & made a perfect POC Facebook team.

Code:

Public POC :

Special Thanks to FB team to fix this Bug ! My team G4h

Thanks
[S] - Sandeep

[fb1h2s]

Good Job, any idea why the protection was not working on FF, some JS failure ? Do you have the previous Code with you to check how facebook dealt with this issue.

[[s]]

Good Job, any idea why the protection was not working on FF, some JS failure ? Do you have the previous Code with you to check how facebook dealt with this issue.

Yes , it was JS Failure ! I have confirmed with Facebook ! I don't have copy of the JS.

[amolnaik4]

very nice bug sandeep.... keep it up

[[s]]

very nice bug sandeep.... keep it up

Thanks Amol , I remember your Click Jacking Talk of Null

[Globz]

Great find, keep it up bro!! Go G4H!