Comments on: SuperPoke XSS Vulnerability

By: theharmonyguy

theharmonyguy — Sat, 11 Jul 2009 01:44:27 +0000

@Sebastian: I’m working now on a far less technical explanation of how these problems work.

As you can see from my site, I’ve been tinkering with Facebook apps for quite a while. I noticed that SuperPoke was using an insecure setup a while ago, but it wasn’t that big a deal until Facebook introduced access to the API via JavaScript, which enabled my proof-of-concept exploit.

By: Sebastian Atudosie

Sebastian Atudosie — Sat, 04 Jul 2009 22:16:20 +0000

Hi, I’m just reading your stuff about facebook, and I’m like “WOW!” I didn’t know about all these things, but you use a lot of big words, can you please speak more…..easily to understand?

Anyway, how did you find out about these problems?

By: meh

meh — Sat, 13 Jun 2009 10:19:23 +0000

“I thought it would not be wise to release details publicly given the significance of this attack” haha yah, that’s why you’ve had such a response. This is mickey mouse garbage. Go “superpoke” your boyfriend, your not a “security researcher’.