Monday, February 1, 2016

Facebook PoC (2015)

Hi!! Readers,

This is my first Facebook PoC, which was actually a duplicate, but its severity was critical, so I decided to share my PoC with you.



Bug - Session ID and CSRF Vulnerability

After asking Facebook, I got to know that this vulnerability was found by Vulnerability Lab.

Anyway, let's start.

Overview
========

Facebook is an online social networking service and website started in Feb 2004. It is owned by Facebook Inc. As of Sept. 2012. CEO: Mark Zuckerberg

Exploitation Technique
==================
Remote

Description
=========
A remote session vulnerability and CSRF bug has been discovered in the official Facebook page, which allowed me to delete any user's comment from any post without his/her authorisation.

[+] Vulnerable Modules :- Comments

[+] Vulnerable Parameters :- comment_id, legacy_id

Proof Of Concept (PoC)
===================

Steps to reproduce :-
1. First, log in to your Facebook account.
2. Put a comment anywhere on any post.
3. Remove your comment the way you normally do.
4. Capture the header information of the request that deletes it.
5. Now move to another post and like the comment you want to delete from that post.
6. Capture those headers as well.
7. In the previously captured headers, replace the comment_id and legacy_id with the comment_id and legacy_id you just obtained.
8. And boom!!! You deleted a user's comment on another user's post without authorisation.

This is being patched by the Facebook developer team.
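
The behaviour described above is what results when a delete endpoint acts on a client-supplied comment_id and legacy_id without checking who is asking. The following added example (not from the original post, and not Facebook's code) contrasts that pattern with a handler that verifies a session-bound CSRF token and comment ownership; the data model, function names and the rule that a post owner may remove comments are assumptions.

```python
import hashlib
import hmac

# Constructed in-memory data; names and fields are assumptions, not Facebook's schema.
SECRET = b"constructed-demo-key"
POSTS = {10: {"owner": "alice"}}
COMMENTS = {
    501: {"legacy_id": 9501, "post_id": 10, "author": "bob"},
    502: {"legacy_id": 9502, "post_id": 10, "author": "mallory"},
}

def csrf_token(session_id: str) -> str:
    """Token bound to one session, so it cannot be replayed from another."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def delete_comment_weak(store, session, params):
    """Flawed pattern: any logged-in session may delete whatever ID it sends."""
    if not session.get("user"):
        return 401
    return 200 if store.pop(int(params["comment_id"]), None) else 404

def delete_comment_checked(store, session, params):
    """Hardened: verify token, ID consistency and ownership on the server."""
    user = session.get("user")
    if not user:
        return 401
    sent = params.get("csrf", "").encode()
    if not hmac.compare_digest(sent, csrf_token(session["id"]).encode()):
        return 403
    try:
        cid, lid = int(params["comment_id"]), int(params["legacy_id"])
    except (KeyError, ValueError):
        return 400
    comment = store.get(cid)
    # Both identifiers must refer to the same stored comment.
    if comment is None or comment["legacy_id"] != lid:
        return 404
    # Only the comment's author or the owner of the post may remove it.
    if user not in (comment["author"], POSTS[comment["post_id"]]["owner"]):
        return 403
    del store[cid]
    return 200
```

A denied delete returning 403 for a comment_id the session user does not own is also a useful event to log and alert on.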


