Facebook Open Redirect and Reflected XSS Vulnerability
Facebook Open Redirect and Reflected XSS vulnerability in one shot, pretty cool isn't it?
Vulnerability was in Mobile site i.e m.facebook.com, haven't checked on mobile application. And one more thing i don't have xss snapshot but I'll share that vector in this post.
Okay Open Redirect vulnerability was in mobile "Page Manager Application" download link.
Vulnerable link: https://m.facebook.com/pages/pages_manager_app_link/?page_id=462697283768657&app_store_url=
All we have do is to manipulate the app_store_url parameter with malicious link. But that's not it, it was more than open redirect vulnerability. While redirecting, Facebook will tell the user that "Redirecting to Pages Manager App.."
So to better exploit this vulnerability all attacker have to do is to code malicious Pages Manager App and make the victim to use that malicious application and then Bingo! Account Compromised!
Now lets come to the Reflected XSS vulnerability, the same parameter was vulnerable to xss but unfortunately I don't have snapshot of that. Vector was javascript:alert(1))
So now you may be wanted to how know much Facebook Rewarded me for these two vulnerabilities?
Well they rewarded me 15K USD. Usually they reward 5K usd for xss and 1-1.5K USD for open redirect but I guess they rewarded me 15K USD Because I was able to bypass Facebook Linkism.
Open Redirect POC:
Reward:
Feel Free To Leave A Comment
If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
awesome (y)
ReplyDeletesplendid,
ReplyDeleteawsome (y)
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteFake, or it was a mistake. They paid less for way more severe bugs.
ReplyDeleteFAAAKE
ReplyDelete15000????
ReplyDelete