Nice one Nathan :) On Thu, Oct 27, 2011 at 9:33 PM, Dan Ballance <[email protected]>wrote:
> Is this for real? If so, this is a huge scandal imho. Such a simple error > for a Facebook developer to make. > On 27 Oct 2011 13:53, "Nathan Power" <[email protected]> wrote: > >> >> --------------------------------------------------------------------------------- >> 1. Summary: >> >> When using the Facebook 'Messages' tab, there is a feature to attach a >> file. >> Using this feature normally, the site won't allow a user to attach an >> executable file. >> A bug was discovered to subvert this security mechanisms. Note, you do NOT >> have >> to be friends with the user to send them a message with an attachment. >> >> >> --------------------------------------------------------------------------------- >> >> Read the rest of this advisory here: >> >> http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html >> >> >> Enjoy :) >> >> >> Nathan Power >> www.securitypentest.com >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Thanks and Regards, Vipul Agarwal
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
