Bumper Sticker on Facebook

Date: February 4, 2008

Vulnerabilities:

Able to add a bumper sticker to profile and make it appear to have been sent by any other application user

Progress: Bumper Sticker has been notified.

Details: Illustrating what I posted the other day, I discovered tonight that I could use a query string hack to add bumper stickers and make them appear to be sent from other users. Nothing major, just a possible source of embarassment, but once again shows how even popular applications (Bumper Sticker currently has nearly a million daily active users) can be susceptible to such problems.

No Comments

Trackbacks/Pingbacks

bumper stickers for facebook - [...] [...]

Point of my last tweet: The data's already there via the API. It's only policy, not technology, preventing people from harvesting it.

Posted about 8 hours ago from web
"This data was not manually put on Infochimps by MySpace, but retrieved and packaged from their API by Infochimps and placed on our site."

Posted about 10 hours ago from web
My last post may be the longest I've ever written - basically, everything you ever wanted to know about exporting your Facebook data.

Posted about 12 hours ago from web
I'm getting the most random pingbacks on my clickjacking post... seems like some sort of attempted SEO trickery.

Posted about 12 hours ago from web
RT @JulesPolonetsky I am a (privacy respecting, arms length) groupie of danah boyd (@zephoria); she talks privacy at sxsw http://j.mp/czuCLI

Posted about 13 hours ago from web

Bumper Sticker on Facebook

Trackbacks/Pingbacks

Leave a Reply

Further Updates via Twitter

Search Archives

An Updated Guide to Backing Up or...

Facebook Adds Code for Clickjacki...

Introducing Social Hacking’...

Using Google Buzz Can Expose Your...

Honesty Box Hacked

Easily View Hidden Facebook Photo...

Content License