|
Full Disclosure
mailing list archives
Re: Clickjacking (?) on Facebook.com (Question)
From: Jann Horn <jann () thejh net>
Date: Thu, 12 Dec 2013 20:07:49 +0100
On Wed, Dec 11, 2013 at 10:18:09PM +0100, Stefan Schurtz wrote:
it is possible to load
"https://www.facebook.com/login/reauth.php?next=https://www.facebook.com/confirmphone.php&display=popup";
in another page.
[...]
My question: is this really not a security problem on Facebook?
It's say it is a problem, especially given that drag/drop isn't blocked on that
page. Did you report this to Facebook yet?
Attachment:
signature.asc
Description: Digital signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
