Did anyone get a chance to go through the below? Let me add a few more details for
your research. The mail headers below show CSRF and XSS attack examples.
Please go through all the IMG-related tags, then you will know.
Probably this can help you study the subject (How Facebook Can Be
Compromised/Impersonated). It will also throw some light on the issue of
how rogue applications like "beach babes" are impacting users, posted today.


Regards
Sandeep Thakur


On Fri, May 21, 2010 at 2:57 AM, Sandeep Thakur <[email protected]> wrote:

> Let me tell you how you have to check this, in fact: you have to check
> the original email with all headers. Given below is the original email with
> headers, for everyone's reference:
>
> -------------
>
>
>
> Delivered-To: [email protected]
> Received: by 10.141.37.16 with SMTP id p16cs192037rvj;
>         Sat, 15 May 2010 21:54:13 -0700 (PDT)
> Received: by 10.141.187.9 with SMTP id o9mr2331623rvp.211.1273985653009;
>         Sat, 15 May 2010 21:54:13 -0700 (PDT)
> Return-Path: <[email protected]>
> Received: from www.bagcrafters.com ([74.208.166.151])
>
>         by mx.google.com with SMTP id t1si9872196rvl.76.2010.05.15.21.54.12;
>         Sat, 15 May 2010 21:54:12 -0700 (PDT)
> Received-SPF: neutral (google.com: 74.208.166.151 is neither permitted nor 
> denied by best guess record for domain of [email protected]) 
> client-ip=74.208.166.151;
>
> Authentication-Results: mx.google.com; spf=neutral (google.com: 
> 74.208.166.151 is neither permitted nor denied by best guess record for 
> domain of [email protected]) [email protected]
>
> Date: Sun, 16 May 2010 00:46:01 +0400
> To: <[email protected]>
>
> From: Facebook <[email protected]>
>
> Reply-to: noreply <[email protected]>
>
> Subject: Facebook Support sent you a message on Facebook...
> Message-ID: <[email protected]>
>
> X-Priority: 3
> X-Mailer: ZuckMail [version 1.00]
> X-Facebook-Notify: msg; from=124112171639398; t=151694426525; 
> mailid=CA2DDD7Da65B9F6Ab114Cb01d4e0Ce
> Errors-To: [email protected]
>
> X-FACEBOOK-PRIORITY: 0
> MIME-Version: 1.0
> Content-Type: text/html; charset = "UTF-8"
> Content-Transfer-Encoding: 7bit
>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional //EN">
>
> <html><head><meta http-equiv="Content-Type" content="text/html; 
> charset=utf-8"><title>Facebook</title></head><body style="margin: 0; padding: 
> 0;" dir="ltr"><table width="98%" border="0" cellspacing="0" 
> cellpadding="40"><tr><td bgcolor="#f7f7f7" width="100%" style="font-family: 
> lucida grande, tahoma, verdana, arial, sans-serif;"><table cellpadding="0" 
> cellspacing="0" border="0" width="620"><tr><td style="background: #3b5998; 
> color: #fff; font-weight: bold; font-family: lucida grande, tahoma, verdana, 
> arial, sans-serif; padding: 4px 8px; vertical-align: middle; font-size: 16px; 
> letter-spacing: -0.03em; text-align: left;">facebook</td></tr><tr><td 
> style="background-color: #fff; border-bottom: 1px solid #3b5998; border-left: 
> 1px solid #ccc; border-right: 1px solid #ccc;font-family: lucida grande, 
> tahoma, verdana, arial, sans-serif; padding: 15px;" valign="top"><table 
> width="100%"><tr><td width="100%" style="font-size: 12px;" valign="top" 
> align="left"><div style="margin-bottom: 15px;"><a 
> href="http://www.facebook.com";>Facebook</a> sent you a message.</div><div 
> style="margin-bottom: 15px;"><table cellpadding="0" cellspacing="0" 
> style="width: 90%; font-size: 12px;"><tr><td colspan="2" 
> style="border-top:1px solid #cfd7e4;"></td></tr><tr><td valign="top" 
> style="padding: 7px 7px 7px 0px; width: 57px;"><a 
> href="http://www.facebook.com";><img 
> src="http://static.ak.fbcdn.net/rsrc.php/z5HB7/hash/ecyu2wwn.gif"; 
> alt="Facebook" style="border: 0; width:50px; " /></a></td><td valign="top" 
> align="left" style="padding: 7px 0px;"><div style="padding-bottom: 7px;"><a 
> style="font-weight: bold;" href="http://www.facebook.com";>Facebook</a><span 
> style="padding-left: 7px; color: #888;"> </span></div><div 
> style="padding-bottom: 7px;">Subject: Important information</div><div 
> style="padding-bottom: 7px;"> </div></td></tr><tr><td colspan="2" 
> style="border-top:1px solid 
> #cfd7e4;"></td></tr></table></div></td></tr></table><div style="padding-top: 
> 15px;"><table width="100%" cellspacing="0" cellpadding="0"><tr><td 
> style="background-color: #FFF8CC; border: 1px solid #FFE222; color: #333; 
> padding: 10px; font-size: 11px;"><div style="font-weight: bold; 
> margin-bottom: 2px;">To read this message, follow the link below:</div><a 
> href="http://profibrosis.org/participants.html"; style="color: #3b5998; 
> text-decoration: 
> none;">http://www.facebook.com/n/?inbox/readmessage.php&t=1896555548701&mid=e57eb542edf6134cc3d131c422355f97&n_m=facebook
>  team</a></td></tr></table></div></td></tr><tr><td style="color: #999; 
> padding: 10px; font-size: 11px; font-family: lucida grande, tahoma, verdana, 
> arial, sans-serif;">This message was intended for you. If you do not wish to 
> receive this type of email from Facebook in the future, please click on the 
> link below to unsubscribe.
>
> http://www.facebook.com/o.php?k=5b6f4f&u=1424721642895&mid=6debdc83342b2e8d5d2e0c10ec2db015
> Facebook`s offices are located at 1601 S. California Ave., Palo Alto, CA 
> 94304.</td></tr></table></td></tr></table></body></html>
>
>
>
> -------------
>
> Regards
> Sandeep Thakur
>
>
> On Thu, May 20, 2010 at 2:17 PM, Sandeep Thakur <[email protected]> wrote:
>
>> In addition to the mail with the subject "Facebook Password Reset Scam
>> By Macfee" sent by Amardeep the other day, I would like to share one such real spam
>> mail with you all. Can anyone point to where in the code the problem is? A perfect
>> XSS example, though.... I have given you a hint, rather...
>>
>>
>>
>> Regards
>> Sandeep Thakur
>>
>>
>> ---------- Forwarded message ----------
>> From: Facebook <[email protected]>
>> Date: Sat, May 15, 2010 at 1:46 PM
>> Subject: Facebook Support sent you a message on Facebook...
>> To: [email protected]
>>
>>
>>     facebook
>> Facebook sent you a message.
>>    [image: Facebook]
>> Facebook
>> Subject: Important information
>>     To read this message, follow the link below:
>> http://www.facebook.com/n/?inbox/readmessage.php&t=1896555548701&mid=e57eb542edf6134cc3d131c422355f97&n_m=facebook
>> team
>>  This message was intended for you. If you do not wish to receive this
>> type of email from Facebook in the future, please click on the link below to
>> unsubscribe.
>> http://www.facebook.com/o.php?k=5b6f4f&u=1424721642895&mid=6debdc83342b2e8d5d2e0c10ec2db015
>> Facebook`s offices are located at 1601 S. California Ave., Palo Alto, CA
>> 94304.
>>
>>
>
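The checks the thread asks readers to do by eye on the forwarded message (which relay actually handed the mail to Google's MX versus the domain the From header claims, what the Received-SPF verdict was, and whether the visible link text names the same host as the href behind it) can be automated. The script below is an added example written for this page, not code from the thread or from Facebook or Google. The sample message is constructed: the relay host, IP, X-Mailer, SPF wording and the profibrosis.org link are taken from the forwarded headers above, while the mailbox addresses are placeholders because the real ones are redacted on the page. `org_domain` is a two-label approximation of the registrable domain (an assumption that holds for these hosts; a real deployment would use a public-suffix list).

```python
"""Triage a raw e-mail for the impersonation indicators discussed in the thread."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the forwarded "Facebook" message in the thread.
# Mailbox addresses are placeholders (assumption: the originals are redacted).
SAMPLE = """\
Delivered-To: victim@example.net
Received: by 10.141.37.16 with SMTP id p16cs192037rvj;
        Sat, 15 May 2010 21:54:13 -0700 (PDT)
Received: by 10.141.187.9 with SMTP id o9mr2331623rvp.211.1273985653009;
        Sat, 15 May 2010 21:54:13 -0700 (PDT)
Return-Path: <notification@facebookmail.example>
Received: from www.bagcrafters.com ([74.208.166.151])
        by mx.google.com with SMTP id t1si9872196rvl.76.2010.05.15.21.54.12;
        Sat, 15 May 2010 21:54:12 -0700 (PDT)
Received-SPF: neutral (google.com: 74.208.166.151 is neither permitted nor
        denied by best guess record for domain of notification@facebookmail.example)
        client-ip=74.208.166.151;
From: Facebook <notification@facebookmail.example>
To: <victim@example.net>
Subject: Facebook Support sent you a message on Facebook...
X-Mailer: ZuckMail [version 1.00]
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"

<html><body>
<a href="http://www.facebook.com">Facebook</a> sent you a message.
<div>To read this message, follow the link below:</div>
<a href="http://profibrosis.org/participants.html">http://www.facebook.com/n/?inbox/readmessage.php&amp;t=1896555548701</a>
</body></html>
"""

# "from <host> ([<ip>])" as written by the receiving MTA in a Received header.
FROM_HOP_RE = re.compile(r'from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)', re.I)
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
# A hostname (optionally preceded by a scheme) appearing inside visible link text.
HOST_IN_TEXT_RE = re.compile(r'(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})', re.I)


def org_domain(host):
    """Approximate registrable domain: last two labels (assumption, no PSL offline)."""
    parts = host.lower().rstrip('.').split('.')
    return '.'.join(parts[-2:])


def address_domain(header_value):
    """Domain part of the first mailbox in a From/Return-Path style header."""
    addr = parseaddr(str(header_value or ''))[1]
    return addr.rpartition('@')[2].lower() or None


def originating_hop(msg):
    """Oldest Received hop that names an external host and IP, as (host, ip)."""
    for received in reversed(msg.get_all('Received', [])):  # bottom-most = oldest
        m = FROM_HOP_RE.search(str(received))
        if m:
            return m.group(1).lower(), m.group(2)
    return None


def spf_result(msg):
    """First token of Received-SPF ('pass', 'neutral', 'fail', ...) or 'none'."""
    value = msg.get('Received-SPF')
    return str(value).split()[0].lower() if value else 'none'


def link_mismatches(html):
    """(shown_host, href_host) pairs where the visible text names a different org."""
    out = []
    for href, inner in ANCHOR_RE.findall(html):
        text = re.sub(r'<[^>]+>', '', inner).strip()
        shown = HOST_IN_TEXT_RE.search(text)
        if not shown:
            continue  # plain label such as "Facebook": nothing to compare against
        href_host = urlsplit(href).hostname or ''
        if org_domain(shown.group(1)) != org_domain(href_host):
            out.append((shown.group(1), href_host))
    return out


def triage(raw):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = address_domain(msg['From'])
    rp_dom = address_domain(msg['Return-Path'])
    if from_dom and rp_dom and org_domain(rp_dom) != org_domain(from_dom):
        findings.append(f'return-path {rp_dom} != from {from_dom}')
    hop = originating_hop(msg)
    if from_dom and hop and org_domain(hop[0]) != org_domain(from_dom):
        findings.append(f'injected by {hop[0]} [{hop[1]}], not by {from_dom}')
    spf = spf_result(msg)
    if spf != 'pass':
        findings.append(f'spf={spf} for {from_dom}')
    body = msg.get_body(preferencelist=('html',))
    html = body.get_content() if body else ''
    for shown, real in link_mismatches(html):
        findings.append(f'link text {shown} -> href host {real}')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

On the sample this reports three findings: the mail was injected by www.bagcrafters.com rather than a host under the claimed sender domain, SPF is only neutral, and the link whose text reads www.facebook.com actually points at profibrosis.org. Return-Path and From agree, so that check stays quiet; a legitimate notification (relay under the sender's domain, SPF pass, link text and href on the same organisation) produces no findings at all.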

-- 
You received this message because you are subscribed to the Google Groups 
"nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/nforceit?hl=en-GB.