Friday, May 7, 2010

Facebook, When pets become gnarled!

Hey guys,
Today, I've read various posts about some dangerous vulnerabilities in the Facebook site, so I decided to share them with you to help avoid such attacks (another reason is that people trust that site very much and share their real information, which can be, as in this case, very risky)!
So what's Facebook? Facebook is a social networking site which recently became the first social site in the world; the site has more than 400 million active users all over the world (believe it!).
From Inj3ct0r's site, they were able to find an SQL injection vulnerability in one of Facebook's applications: , and then they listed a number of users and their accounts (now I think you know why sharing real information is risky! Not yet? Well, continue...).
Even more dangerous, they were able to upload a PHP shell which is able to control the Facebook server!
Now they could change accounts, steal passwords, modify whatever article they want, etc.
Furthermore, that's not the only vulnerability discovered. They also discovered an XSS vulnerability in the way Facebook completes your search string to bring you exactly what you need, quickly.
When you want to search for something, you go to the search bar and type in (only the first letters of) what you want, and then you will notice that Facebook completes your string with some of the strings that are known to the site. Say that you need to search for a group: you type the first letters and the site suggests some of its known groups. Well, that's not that hard; we can make this kind of search with this block of HTML code:
<img src=
So, in this case, if you tried to search for the word iframe (and there is something called iframe), Facebook will complete your string, and then the completed string will be interpreted as HTML code (incredible, isn't it?)!
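To make the fix concrete, here is an added example (not code from Facebook or from the original reports) of a suggestion renderer in its vulnerable form next to a hardened one that escapes each stored name before adding its own markup. The function names and the sample group names are assumptions constructed for illustration.

```javascript
// Added example: function names and sample data are constructed for illustration.

// Escape the five characters that let text break out into HTML markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the stored name is concatenated into the markup as-is,
// so any tags inside a group name are parsed by the browser.
function renderSuggestionsUnsafe(query, names) {
  const q = query.toLowerCase();
  return names
    .filter((n) => n.toLowerCase().startsWith(q))
    .map((n) => "<li>" + n + "</li>")
    .join("");
}

// Hardened form: split the name into typed prefix and completion, escape
// both parts, and only then wrap them in the renderer's own tags.
function renderSuggestionsSafe(query, names) {
  const q = query.toLowerCase();
  return names
    .filter((n) => n.toLowerCase().startsWith(q))
    .map((n) => {
      const head = escapeHtml(n.slice(0, query.length));
      const tail = escapeHtml(n.slice(query.length));
      return "<li><b>" + head + "</b>" + tail + "</li>";
    })
    .join("");
}

// Constructed sample data: ordinary groups and one whose name carries markup.
const SAMPLE_GROUPS = [
  "iframe fans",
  'iframe <iframe src="https://example.invalid/"></iframe>',
  "photography",
];

console.log(renderSuggestionsUnsafe("ifr", SAMPLE_GROUPS));
console.log(renderSuggestionsSafe("ifr", SAMPLE_GROUPS));
```

In a browser, the same effect comes from assigning the name through `textContent` instead of building an HTML string.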
Also, there are a couple of vulnerabilities that were discovered by Alexander Sotirov; an interesting one of them is the invalid UTF-8 characters vulnerability!

Well, now I guess that you may want to delete your Facebook account! Hey, life is not that bad :P
Facebook is still *The One* and the most interesting social site. But remember, there isn't any site that has a hundred percent secure structure (unless all hackers die!!!).