Skip to main content

Evil App Steal Facebook Access Token

By


Evil App Steal Facebook Access Token 




Facebook say about this users Responsible for this its not an issue for facebook so After 3 month i am disclose this may be now they make some change but its still work .......  so users not allow any app to access your data on facebook or dont login anywhere using Facebook may be this an Attacker and After steal your Facebook Access Token he Can Hack your facebook Account  Easily.... 


[#] Title           :  Evil App Steal Facebook Access Token 
[#] Status        :  Unfixed
[#] Severity     :  very High
[#] Works on  :  Any browser with any version
[#] Homepage  : www.facebook.com
[#] Author       :  Jitendra Jaiswal
[#] Email          :  jeetjaiswal0@gmail.com

This Vulnerability is exploitable to all users who are use facebook apps and allow access of apps
an attacker can modify all app setting in url

Impact of Vulnerability:

An attackers can store  user access token with 2 month no Expires

also token not expire if user log out from facebook

1. an attacker can see inbox , update status , upload a pic and all hidden info of user profile

2. The user may be redirected to an untrusted page that contains
malware which may then compromise the user's machine.

note : An attcker can eassly create app and make problems to users stolen users access token
facebook  didn't stop that bcz when app developrs send app for review then they know about that


How it work....

say user to its a great app in facebook play and see

If any signed facebook user clicks above  following link
they will be redirected into 0auth dailog pages.

if user new its show app want to access user info as like other app
but apps after that going to facebook app page https://apps.facebook.com/xyz


important part for store ( ** facebook use # for when token goes with site that not store in server function** )

but in my link its goes first to my site then goes to app page in that when its come to site its have token
with #  as we know that # value never store in request_uri or query_string

i am use java script to change # into ? then  its now store in txt file

 with both server function request_uri or query_string


POC VIDEO :

 




Facebook Reply For This 

Jitendra  Jaiswal

Security Researcher/Ethical Hacker

Labels:

Comments

Post a Comment

Popular posts from this blog

HC WeB : A Browser for HACKERS...

By
A Browser for HACKERS... Try for Free... Download HC WeB Setup Gallery: Online Penetration Testing Tools Index Information Gathering Whois DNS Location Info Enumeration and Fingerprint Data Mining Search Engines Editors Online Text Editors Share Text Snippets Network Utilities Ping HTTP HTTPS VNC Remote Desktop SSH DNS Sniffers Misc Forensics Frameworks URL Cloaking E-mail Password Cracking Encoders and Decoders Encoders Decoders Malwares Malware Analysis Identify Malicious Websites Suspected Malicious IPs and URLs Application Auditing SQL Injection Cross Site Scripting File Inclusion Anonymity Proxy Others Hackery Open Penetration Testing Bookmarks Collection Hacker Media Blogs, Forums, Magazines and Videos. Methodologies Penetration testing frameworks, standards and methodologies. OSINT Presentations, People, Organizations and Infrastructure.  Exploits and Ad
Post a Comment
Read more

Edward Snowden nominated for Nobel Peace Prize 2014

By
Now there is really great news for all the supporters of Former National Security Agency ( NSA ) contractor Edward Snowden , as he is nominated for the 2014 Nobel Peace Prize by two Norwegian lawmakers. Snorre Valen and Baard Vegar Solhjell , parliamentarians from Norway’s Socialist Left Party said, “ He has contributed to revealing the extreme level of surveillance by nations against other nations and of citizens ,”     Edward Snowden revealed various widely extended NSA spying projects and responsible for handing over the material from one of the world's most secretive organizations the NSA. He faces charges of theft and espionage and is in Russia on temporary asylum. “ Snowden contributed to people knowing about what has happened and spurring public debate ” on trust in government, which he said was “ a fundamental requirement for peace ”. Snorre Valen also added that, “ There’s no doubt that the actions of Edward Snowden may have damaged the securi
Post a Comment
Read more

Facebook Open URL Redirection Vulnerability

By
About 2 week ago, I discovered an open url redirection vulnerability in Facebook that allowed me to have a facebook.com link redirect to any website without restrictions & users  confirmation Description: [#] Title           :  Facebook Open URL Redirection  [#] Status        :  fixed [#] Severity     :  High [#] Works on  :  Any browser with any version [#] Homepage  : www.facebook.com [#] Author       :  Jitendra Jaiswal ( India ) The flaw exists in the way facebook handled the u parameter. Visiting the link below would always redirect to the facebook homepage: http://www.facebook.com/a.php?u=http%3A%2F%2Fjeet.com But I noticed that changing the url to a another url , for example: http://www.facebook.com/a.php?u=http%3A%2F%2Fyahoo.com in that the target destination yahoo.com and it will redirect successfully: http://www.facebook.com/a.php?u=http%3A%2F%2Fyahoo.com Facebook have the ability to filter and ban particular websites from redirect
Post a Comment
Read more