[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Facebook Query Language (FQL) security issue

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Facebook Query Language (FQL) security issue
From: Carlos <carsato1@xxxxxxxx>
Date: Fri, 08 Jan 2010 13:32:14 +0100

First of all, please excuse my language, it needs to be improved.

I did try the FQL query with three test accounts of mine and It was
successful. I could take the albums id and then the src of the pictures
in a particular album. Well, It isn't so difficult but you need some
knowledge or someone giving to you the code to paste to get the
information. I mean, it can be done when anyone has interest.

Did you told to Facebook about?
Do you have an answer from facebook yet?

Zerial. wrote:
>
> We have no privacy from FQL developers.
> Anyone with facebook account can use FQL.
> Then anyone can see our data.
>
> http://mkdot.net/blogs/slavco/archive/2009/12/29/11338.aspx
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] iiScan
Next by Date: [Full-disclosure] J 6.02.023 Array Overrun (code execution)
Previous by thread: [Full-disclosure] [USN-878-1] Firefox 3.5 and Xulrunner 1.9.1 regression
Next by thread: [Full-disclosure] J 6.02.023 Array Overrun (code execution)
Index(es):
- Date
- Thread