Jul. 21, 2009


Another Top Facebook Application Falls to Hacking

I can’t emphasize this enough: As the Facebook Platform is currently set up, nearly any XSS vulnerability in an application allows my hack from last month (I may need a name for this thing soon) to succeed.

Tonight, after two hours of poking around various applications, I once again successfully used my hack to access profile information via an XSS hole in an FBML application.  This particular application has over 10 million monthly active users.  It also luckily prevents a clickjacking install, but with such wide reach, a relaunch of the hack would affect many users anyway.

If any technology news site wants a great story on the security of the Facebook Platform, please get in touch – I simply want to get the word out on this issue to raise user awareness.

  1. Well, at least you’re a hacker and not a cracker.

  2. One of the guys hacked in and scored 1900+ in the game; you can check the game in the link. Hope you can suggest how to enhance security.
