[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Facebook URL Redirect Vulnerability
- To: Andrew Farmer <andfarm@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Facebook URL Redirect Vulnerability
- From: Wesley Kerfoot <wjak56@xxxxxxxxx>
- Date: Wed, 2 Mar 2011 00:11:16 -0500
"Sorry! We can't display this content while you're viewing Facebook over a
secure connection (https).
To use this app, you'll need to switch to a regular connection (http)."
On Tue, Mar 1, 2011 at 8:56 PM, Andrew Farmer <andfarm@xxxxxxxxx> wrote:
> On 2011-02-28, at 09:42, Nathan Power wrote:
> > 3. Impact:
> >
> > Potentially allow an attacker to compromise a victim’s Facebook account
> > and/or computer system.
>
> Do you have an actual attack in mind which could accomplish either of these
> goals, or is this wishful thinking? (Browser exploits don't really count, as
> those would work just fine with or without the redirect.)
>
> To be clear - open redirects are certainly a problem, but don't try to call
> them any more than that.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/