Exploiting a cross-site scripting vulnerability on Facebook
Impact of Cross-Site Scripting vulnerabilities on social networking sites
Take a walk through most workplaces and you will surely notice someone browsing a social networking site. No wonder that website popularity services like Alexa rate Facebook the second most visited website after Google and before YouTube! We trust these websites to reflect the public image that we want to portray and sometimes even trust them with secrets. A single cross-site scripting vulnerability allows attackers to do anything (that the victim may do) on behalf of the victim. In this article we will look at how Facebook accounts could be compromised through such a simple, yet effective vulnerability.
HTTPOnly does not protect your site (or Facebook) from XSS exploitation
Traditionally, most cross-site scripting exploitation involves sending the cookie to the attacker through JavaScript. The attacker would typically write dynamic HTML such as the one below, which dynamically sends the cookie to a web server controlled by the attacker.
More info and video demo: http://www.acunetix.com
andry- Moderator
- Posts : 467
Join date : 2010-05-07
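An added example, not part of the original post: for a constructed set of `Set-Cookie` headers, it models which cookies a script in the page could read through `document.cookie` and flags credential-looking cookies that lack `HttpOnly`. The header values, cookie names and the `sensitive` name pattern are assumptions made for the example.

```javascript
// Added example: models which cookies a script running in the page can read.
// Header values below are constructed sample data, not captured traffic.
const sampleSetCookie = [
  "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "locale=en_US; Path=/",
  "auth_token=def456; Path=/; Secure",
  "csrf=789xyz; Path=/; SameSite=Strict",
];

// Parse one Set-Cookie header value into name, value and a lowercase attribute map.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no usable name=value pair: skipped in this example
  const attributes = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// What document.cookie would return: every cookie NOT marked HttpOnly.
// Path, Domain and Secure matching are left out to keep the model small.
function scriptVisibleCookieString(lines) {
  return lines
    .map(parseSetCookie)
    .filter((c) => c && !c.attributes.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Flag cookies whose names look like credentials but are readable by script.
// The name pattern is an assumption for this example; adjust it to your app.
function auditCookies(lines, sensitive = /sess|auth|token/i) {
  return lines
    .map(parseSetCookie)
    .filter((c) => c && sensitive.test(c.name) && !c.attributes.httponly)
    .map((c) => c.name);
}

console.log("script-visible:", scriptVisibleCookieString(sampleSetCookie));
console.log("missing HttpOnly:", auditCookies(sampleSetCookie));
```

`HttpOnly` only removes a cookie from `document.cookie`; the browser still attaches it to requests made from the page, so the flag narrows what an injected script can read without stopping the script from acting in the user's session.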