"Sorry! We can't display this content while you're viewing Facebook over a secure connection (https). To use this app, you'll need to switch to a regular connection (http)."
On Tue, Mar 1, 2011 at 8:56 PM, Andrew Farmer <andf...@gmail.com> wrote:
> On 2011-02-28, at 09:42, Nathan Power wrote:
> > 3. Impact:
> >
> > Potentially allow an attacker to compromise a victim’s Facebook account
> > and/or computer system.
>
> Do you have an actual attack in mind which could accomplish either of these
> goals, or is this wishful thinking? (Browser exploits don't really count, as
> those would work just fine with or without the redirect.)
>
> To be clear - open redirects are certainly a problem, but don't try to call
> them any more than that.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/