=============================
allow vulnerable facebook.com
=============================
mc2_s3lector
[+]yogyacarderlink.web.id
[+]KeDaicomputerworks.org (makassar)
[+][2010-04-06]
----------------------------------------------------------------------------------------------------
facebook german
----------------------------------------------------------------------------------------------------
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script
(JavaScript, VBScript) in the context of the application. This opens up several
different attack opportunities, mostly hijacking the user's current session or
changing the look of the page by rewriting the HTML on the fly to steal the
user's credentials. It happens because input entered by a user is interpreted
as HTML/JavaScript/VBScript by the browser. XSS targets the users of the
application instead of the server. Although this is a limitation, it still lets
attackers hijack other users' sessions, so an attacker might target an
administrator to gain full control over the application.
[Report]
Name : Query Based
Parameter Type : FullQueryString
Attack :'"-->
http://www.facebook.com/terms/provisions/german?'"-->
------------------------------------------------------------------------------------------------------
MITM attack 1
------------------------------------------------------------------------------------------------------
This cookie will be transmitted over an HTTP connection; therefore, if the cookie
is important (such as a session cookie), an attacker might intercept it and hijack
a victim's session. If the attacker can carry out a MITM attack, he/she can force
the victim to make an HTTP request in order to steal the cookie.
[Report]
Cookie: reg_fb_ref
Name: nsextt
Type: Querystring
Attack Pattern: '"-->
https://login.facebook.com/alogin.php?gray=2&hash=95369428d067a9db6a3104d54c6b0187&oid=121759744510721
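
A defender-side check for this finding, as an added example that is not part of the original advisory: it audits response headers for cookies without the Secure attribute and notes when no HSTS policy prevents the forced HTTP request described above. The headers are constructed; only the cookie name reg_fb_ref comes from the report, and reading the finding as a missing Secure attribute is an assumption.

```python
# Constructed sample response headers; only the name reg_fb_ref is from the report.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "reg_fb_ref=constructed; Path=/; Domain=.example.test"),
    ("Set-Cookie", "sid=constructed; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=de; Path=/; HttpOnly"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs


def audit_cookies(headers):
    """Return {cookie name: [findings]} for cookies that can travel over HTTP."""
    hsts = ""
    for key, val in headers:
        if key.lower() == "strict-transport-security":
            hsts = val.lower()
    findings = {}
    for key, val in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(val)
        issues = []
        if "secure" not in attrs:
            issues.append("no Secure attribute")
            # HSTS keeps the browser off HTTP for this host; a Domain cookie is
            # also sent to subdomains, which need includeSubDomains to be covered.
            covered = bool(hsts) and ("domain" not in attrs
                                      or "includesubdomains" in hsts)
            if not covered:
                issues.append("HTTP request can be forced (no covering HSTS)")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for cookie, issues in audit_cookies(SAMPLE_HEADERS).items():
        print(cookie, "->", "; ".join(issues))
```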
------------------------------------------------------------------------------------------------------
XSS
------------------------------------------------------------------------------------------------------
XSS targets the users of the application instead of the server. Although this is a limitation, it still
lets attackers hijack other users' sessions, so an attacker might target an administrator to gain full
control over the application.
Due to the content-type of the response, exploitation of this vulnerability might not be possible in all
browsers, or might not be possible at all. The content-type indicates that exploitation may be possible
by changing the attack; however, confirming these issues is not supported.
You need to confirm this problem manually. Generally, lack of filtering in the response can cause
Cross-site Scripting vulnerabilities in browsers with automatic MIME sniffing, such as Internet Explorer.
Vulnerable : http://www.facebook.com/contact_importer/ajax/importer.php
Name : ms_login_name
Type : Post
Attack : %27%22%20ns=mc2_s3lector(0x001069)%20
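
The triage described above, written out as an added example that is not part of the original advisory: it decides whether an echoed value needs manual confirmation based on the declared content type and the X-Content-Type-Options header. The probe string, the JSON content type and the response bodies are constructed assumptions; only the field name ms_login_name is from the report.

```python
import html

# Constructed probe and responses; the content types here are assumptions.
PROBE = "'\"<zz9>"


def classify_reflection(headers, body, probe=PROBE):
    """Triage a response that may echo `probe` back.

    Returns 'filtered'  - the probe is absent or only present HTML-encoded,
            'html'      - echoed raw in a response declared as HTML,
            'sniffable' - echoed raw, non-HTML type, no nosniff: confirm by hand,
            'inert'     - echoed raw, non-HTML type, nosniff set.
    """
    ctype, nosniff = "", False
    for key, value in headers:
        if key.lower() == "content-type":
            ctype = value.split(";")[0].strip().lower()
        elif key.lower() == "x-content-type-options":
            nosniff = value.strip().lower() == "nosniff"
    if probe not in body:
        return "filtered"
    if ctype in ("text/html", "application/xhtml+xml"):
        return "html"
    return "inert" if nosniff else "sniffable"


def sample_responses():
    """Three constructed responses echoing the probe in a JSON-like body."""
    raw = '{"ms_login_name": "%s"}' % PROBE
    encoded = '{"ms_login_name": "%s"}' % html.escape(PROBE)
    return {
        "raw, json, no nosniff": ([("Content-Type", "application/json")], raw),
        "raw, json, nosniff": ([("Content-Type", "application/json"),
                                ("X-Content-Type-Options", "nosniff")], raw),
        "encoded, html": ([("Content-Type", "text/html; charset=utf-8")], encoded),
    }


def triage_samples():
    """Classify every constructed sample response."""
    return {label: classify_reflection(h, b)
            for label, (h, b) in sample_responses().items()}
```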
-------------------------------------------------------------------------------------------------------
MITM 2
-------------------------------------------------------------------------------------------------------
If an attacker can carry out a MITM (Man in the middle) attack, he/she may be able to intercept traffic
by injecting JavaScript code into this page or by changing the form action in the page served over HTTP
to steal the user's password. Even though the target page is HTTPS, this does not protect the system
against MITM attacks. This issue is important as it negates the use of SSL as a privacy protection barrier.
[report]
Vulnerable : http://www.facebook.com/ajax/
action : https://login.facebook.com/login.php?login_attempt=1
-------------------------------------------------------------------------------------------------------
identified that password data is sent over HTTP
-------------------------------------------------------------------------------------------------------
- Identified that password data is sent over HTTP.
- If an attacker can intercept network traffic, he/she can steal users' credentials.
Vulnerable : http://www.facebook.com//find-friends/?ref=pf
action : http://www.facebook.com/contact_importer/ajax/importer.php
-------------------------------------------------------------------------------------------------------
internal server
-------------------------------------------------------------------------------------------------------
The server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons
may vary. The behavior should be analysed carefully. If a security issue is found in the same resource,
it will be reported as a separate vulnerability.
[report]
Vulnerable URL : http://www.facebook.com/ajax/signup_dialog.php?page_id=(select CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))&next=/fbsitegovernance/posts/120701477944064
Name : page_id
Type : Querystring
Attack :(select+CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))
-------------------------------------------------------------------------------------------------------
pass
-------------------------------------------------------------------------------------------------------
- Data entered in these fields will be cached by the browser. An attacker who can access the victim's
browser could steal this information. This is especially important if the application is commonly used
on shared computers, such as those in cyber cafes or airport terminals.
- "Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or
important fields such as "Credit Card", etc.
[report]
Vulnerable : http://www.facebook.com///error.facebook.com//common//scribe_endpoint.php?c=si_clickjacking&m&t=4778
http://www.facebook.com/window.location.href'
http://www.facebook.com///b.static.ak.fbcdn.net//rsrc.php
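
The three form findings above (an HTTPS login action on a page served over HTTP, a password posted over HTTP, and autocomplete left enabled) can be checked together. The following is an added example, not part of the original advisory and not the scanner's logic; the host example.test, the field name ms_password and the markup are constructed, while the paths mirror those in the report.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed page and markup; example.test and ms_password are placeholders.
SAMPLE_PAGE_URL = "http://www.example.test/find-friends/"
SAMPLE_HTML = """
<form action="https://login.example.test/login.php" method="post">
  <input type="text" name="email"><input type="password" name="pass">
</form>
<form action="/contact_importer/ajax/importer.php" method="post">
  <input type="password" name="ms_password" autocomplete="off">
</form>
"""


class FormAudit(HTMLParser):
    """Record findings for each password field, per enclosing form."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.form, self.findings = page_url, None, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "form":
            # A relative or missing action resolves against the page URL.
            action = urljoin(self.page_url, a.get("action", ""))
            self.form = (action, a.get("autocomplete", "").lower())
        elif tag == "input" and a.get("type", "").lower() == "password" and self.form:
            action, form_ac = self.form
            name = a.get("name", "?")
            if urlsplit(action).scheme != "https":
                self.findings.append((name, "password sent over HTTP"))
            elif urlsplit(self.page_url).scheme != "https":
                # HTTPS target, but the form itself can be rewritten in transit.
                self.findings.append((name, "HTTPS action on HTTP page"))
            if "off" not in (a.get("autocomplete", "").lower(), form_ac):
                self.findings.append((name, "autocomplete enabled"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None


def audit_forms(page_url, html):
    """Return a list of (field name, finding) tuples for one page."""
    parser = FormAudit(page_url)
    parser.feed(html)
    return parser.findings
```

Current browsers' password managers largely ignore autocomplete="off" on login fields, so the autocomplete finding is informational next to the two transport findings.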
-----------------------------------------------------------------------------------------------------------
Email address disclosure
-----------------------------------------------------------------------------------------------------------
E-mail addresses discovered within the application can be used by both spam email engines and
brute force tools. Furthermore, valid email addresses may lead to social engineering attacks.
[report]
http://www.facebook.com/pages/explotar-burbujitas-de-plastico/31118267838
Vulnerable URL : http://www.facebook.com//find-friends/?ref=pf
: http://www.facebook.com/legal/copyright.php?howto_report
http://www.facebook.com/pages/I-need-a-vacation/72161599412
http://www.facebook.com/pages/Hot-Showers/88216396646
---->example found :und E-mails: ip@facebook.com, weezyFOW@gmail.com, droopy_cf@live.com.ar
:TE@WWW.VACATIONSUNSATION.GL, frajbargaoui@gmail.com
-------------------------------------------------------------------------------------------------------------
big thank to:- inj3ct0r.com ( Inj3ct0r Exploit Database by r0073r )
- yogyacarderlink.web.id(v3n0m,lingga,z0mb13,my wisdom, setan muda, byebye,m4rc0,leqi,crackbox,&all
- my family KeDai computerworks.com(fanzy kobandaha,hendry slank,mas william,wahdan,wandi rifaldi&All
- the-codec stuff 0n3-d4y,hendry_slank,4m-007,red naruto,cooln3tter
- jasakom.com
- indonesian hacker
- indonesiandefacer
- indonesian like a coding
- STMIK dipanegara makassar
# Inj3ct0r.com [2010-05-15]