Facebook CSRF and XSS vulnerabilities
Facebook comes with an anti-CSRF system based on two tokens, respectively called post_form_id and fb_dtsg. These tokens change frequently, and are certainly built upon several parameters including time of day, time of account creation, user id, and many others. Determining the values of these tokens for a specific user is, in our view, impossible.
Fortunately, Facebook provides a functionality called “profile preview”, allowing users to see how their own profile appears to any other user. It can be accessed using the URL
More Details: http://www.wargan.com
andry- Moderator
- Posts : 467
Join date : 2010-05-07