|
Full Disclosure
mailing list archives
Re: Facebook URL redirection issue
From: Christian Sciberras <uuf6429 () gmail com>
Date: Mon, 4 Apr 2011 08:24:38 +0200
Chris,
If it's social and it's Facebook, it must be good :)
Cheers,
Chris.
On Mon, Apr 4, 2011 at 8:22 AM, Chris Evans <scarybeasts () gmail com> wrote:
On Sun, Apr 3, 2011 at 4:26 PM, Javier Bassi <javierbassi () gmail com>wrote:
Reported this issue to Facebook team on 03/22/11 and Facebook team
acknowledged this issue on 03/29/11 and fixed this vulnerability.
They still have redirects on apps made by their users, and they don't care
http://apps.facebook.com/truthsaboutu/track.php?r=http://www.google.com
and if someone falls in basic phishing with facebook domain, he will
fall with apps.facebook subdomain too.
Btw, linkedin has open redirect too and they couldn't care less about it
http://www.linkedin.com/redirect?url=www.google.com
Probably because it's not a big deal?
What next, an advisory about how massive quantities of "open redirectors"
have been found on bit.ly, goo.gl and tinyurl.com ?
Cheers
Chris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
