Bumper Sticker on Facebook

Date: February 4, 2008

Vulnerabilities:

Able to add a bumper sticker to profile and make it appear to have been sent by any other application user

Progress: Bumper Sticker has been notified.

Details: Illustrating what I posted the other day, I discovered tonight that I could use a query string hack to add bumper stickers and make them appear to be sent from other users. Nothing major, just a possible source of embarassment, but once again shows how even popular applications (Bumper Sticker currently has nearly a million daily active users) can be susceptible to such problems.

No Comments

Trackbacks/Pingbacks

bumper stickers for facebook - [...] [...]

Facebook is definitely the new email... every time I login, I see more joke images that friends have forwarded.
04:29:53 PM October 07, 2011 from web
More interesting XSS challenges from @0x6D6172696F lately: http://t.co/5fVmZzJw solutions posted, http://t.co/y4QNU86V just went live!
03:57:50 PM October 06, 2011 from web
Wait, what? RT @InsideNetwork Facebook Reveals More Details About Timeline, Including an Approval Process for OG Apps http://t.co/RAYAQm7k
07:27:11 PM October 05, 2011 from web
Whoa - Facebook now has more users than the entire Internet had in 2004 when the company was founded: http://t.co/onoXgKyS
06:01:31 PM October 05, 2011 from web
Today's "whois hack" story again highlights my concern that the tech press seems to often go for "FIRST!" before confirming tech details...
09:02:26 PM October 04, 2011 from web

Bumper Sticker on Facebook

Trackbacks/Pingbacks

Leave a Reply

Further Updates from Twitter

Search Archives

Facebook Page

Content License

Post Archives