Hi all,
URL redirection vulnerability observed in Facebook. Facebook application has not sanitized the “redirect” input parameter. if you provide "redirect" parameter to any third party site then the web page is redirecting to the third party site. This would aid phishing attacks by using an attacker's dummy site (providing redirect value to the dummy site). URL: http://www.facebook.com/ajax/set_as_homepage.php?uid=<<any value>>&assoc=SetAsHomepageAssocInterstitial&action=cancel&redirect=<<Any web Site URL>> Reported this issue to Facebook team on 03/22/11 and Facebook team acknowledged this issue on 03/29/11 and fixed this vulnerability. Status: Reported this issue to the vendor and vendor fixed this issue. Best Regards, Kiran Maraju
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
