There seems to be a hard limit via the main website interface, but I
have not checked modifying the post or using another means {raw, API,
Facebook App, etc.}.

"Status updates must be less than 63,206 characters. You have entered 73,979 characters here. Notes can be much longer. Would you like to edit and post your update as a Note instead?"

Regards,

--
ฤ๊๊๊๊๊็็็็็๊๊๊๊๊็็็็ ฮ้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้้ ฦ้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้
BaconZombie

LOAD "*",8,1

On 9 November 2012 15:31, Chris C. Russo <[email protected]> wrote:
> On 09/11/2012 11:29 a.m., Bill Weiss wrote:
>> Chris C. Russo([email protected])@Thu, Nov 08, 2012 at 04:28:33AM -0300:
>>> Good news everyone!
>>>
>>> The last time I reported a security flaw to facebook, it took around 6
>>> weeks until they replied,
>>> telling me that there was no flaw at all. Perhaps that's why I decided
>>> to make public any flaw on facebook from now on.
>> [cut some technical details for readability]
>>> (Properly replace the <EXTREMLY LONG MESSAGE HERE> before testing)
>>>
>>> This might not be the best vulnerability description ever,
>>> but I hope it helps solving the condition as soon as possible. Have fun.
>> What length of EXTREMELY LONG MESSAGE were you using in testing? 1K
>> bytes, 1M, 1G?
>>
>
> I couldn't tell, I started up with 1,000 chars and increased 1,000 by
> 1,000 until 100,000 with parallel connections. But certainly, even if
> you only fill the text input using the regular UI from facebook, you'll
> crash any regular box, or tablet.
> Perhaps you should try with 1 Gb tho and see what happens, there's test
> users you can create from the facebook.com/whitehat.
>
> --
> Success, *forward, quick.*
> Chris C. Russo
>
> More than 100,000 km traveled; I keep directions, I press with
> ambition, I advance with delicacy, I flex to reach, I create
> scenarios, I change realities.
>
> w: www.calciumsec.com
> e: [email protected]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
