Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Facebook URL Redirect Vulnerability
From: Nathan Power <np () securitypentest com>
Date: Wed, 2 Mar 2011 14:59:18 -0500

I understand what your saying but I don't agree.  We may have to agree to
disagree on this.

You can obscure a URL several different ways.  For this particular case, I
used decimal to IP.

In the following example, you can see the target URL isn't in a human
readable format.
http://apps.facebook.com/truthsaboutu/track.php?r=http%3A%2F%2F1208929384

Also when you post a link on Facebook,  'apps.facebook.com' is the only text
displayed to the user.


Nathan Power
www.securitypentest.com


On Wed, Mar 2, 2011 at 2:38 PM, Andrew Farmer <andfarm () gmail com> wrote:

On 2011-03-02, at 06:30, Nathan Power wrote:
There are 3 different steps to perform an attack using a URL redirect:
 1)
trick the user 2) redirect 3) exploit .. We are using a Facebook URL to
trick the user, we are using the URL redirect as the catalyst to perform
an
exploit.

Here are some examples of the types of attacks you can perform with a URL
redirect, CSRF, phishing (fake fb login), and browser exploits
(javascript
zombie,0days,etc).

How would you have written the impact section?

Something like this:

3. Impact:

An attacker may obfuscate the target of a link, potentiating phishing
attacks and/or bypassing some simple URL filters.

Or something of the sort. The actual target of the link isn't obscured in
the URL, so it's not even particularly convincing if the URL is displayed in
plain text.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]