Facebook Open Redirect

Facebook Open Redirect: Posted Jun 17, 2013; Authored by Arul Kumar.V; Facebook suffers from multiple open redirection vulnerabilities.; tags | exploit, vulnerability; SHA-256 | ecb907c5f37e4481ae56ae2fb0c1732c0e9bfd6002f6d3f56c8b3ec870c12277; Download | Favorite | View

Facebook Open Redirect

Description:
[#] Title           :  Facebook Open URL Redirection Vulnerability 2013
[#] Status        :  Unfixed
[#] Severity     :  High
[#] Works on  :  Any browser with any version
[#] Homepage  : www.facebook.com
[#] Author       :  Arul Kumar.V
[#] Email          :  arul.xtronix@gmail.com

I have found Open URL Redirection Vulnerabilities in facebook's
dialogs such as"Option Dialog","Friends Dialog","OAuth Dialog".This
Vulnerability is exploitable to all users who are signed into
facebook.

Impact of Vulnerability:
1. The user may be redirected to an untrusted page that contains
malware which may then compromise the user's machine.

2. The user may be subjected to phishing attacks by being redirected
to an untrusted page.

3. This bug can be applicable to any user who are signed in which
works at any browsers with any version.

Vulnerable Dialogs:
Option Dialog  :    (/dialog/optin)
OAuth Dialog   :  (/dialog/oauth)
Friends Dialog : (/dialog/friends)

Source:
https://vimeo.com/68469298
http://www.securitytube.net/video/7787

If you need more details about this bug,Visit my blogspot.I have
explained in brief about this bug.
http://arulxtronix.blogspot.in/2013/06/facebook-open-url-redirection_3515.html

Proof Of Concept:

If any signed facebook user clicks any one of the following link,they
will be redirected into our desired pages.URL Shorteners can be used
to mask malicious links.

Note: You must be signed into a facebook account to redirect sites.

Vulnerable URL's:
Once again i am remembering you,you must be signed into an facebook
account to redirect sites

1)Using "next" Parameter:
https://www.facebook.com/dialog/optin?app_id==&next=http://google.com

https://www.facebook.com/dialog/oauth?app_id==&next=http://yahoo.com

https://m.facebook.com/dialog/friends?app_id==&next=http://bing.com

2)Using "redirect_uri" Parameter:
https://www.facebook.com/dialog/optin?app_id==&redirect_uri=http://google.com

https://www.facebook.com/dialog/oauth?app_id==&redirect_uri=http://yahoo.com

https://m.facebook.com/dialog/friends?app_id==&redirect_uri=http://bing.com

3) Phising demo:
www.facebook.com/dialog/optin?app_id==&next=http://fbnew.t15.org

Thank You,
Arul Kumar.V

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Facebook Open Redirect

Facebook Open Redirect

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Facebook Open Redirect

Share This

Facebook Open Redirect

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems