FAXX Hack: Trazzler

Facebook Verified Application

Current Monthly Active Users: 5,448

Current Rank on Application Leaderboard: 2,833

Application Developer: Trazzler

Responsiveness: The developers at Trazzler have been responsive, and I’ve been working with them to try and get the hole patched. I was honestly a little disappointed by the information they got from Facebook about the hole, but that’s for another post.

Vulnerability Status: Unpatched Patched Sep. 24

Example URI: http://apps.new.facebook.com/trazzler/ajax/browse_navigation/?browse-search=%3Cfb%3Aiframe+src%3D’http%3A%2F%2FEVILURI%2F’%3E

Notes: See the leaderboard rank of Trazzler? I chose to check it after looking at the list of Facebook Verified Applications, which means AppData lists around 2,800 applications I haven’t checked which have higher MAU than Trazzler. This Month of Facebook Bugs only begins to scratch the surface of Facebook applications.

New favorite site: http://t.co/q2yl2MmH Free commercial-use fonts that are actually good quality. (Not an ad, I'm a font geek.) HT @LeaVerou
about 3 hours ago from web
Also on that movie ARG: no sign of a privacy policy on permissions request, app description, or app page itself. #nothanks
08:32:05 PM October 13, 2011 from web
Tried movie ARG via FB; perms: email, posting, offline access, friend lists, bday, city, photos, & friends' bday, family, relationship, city
08:31:32 PM October 13, 2011 from web
Summary of my iTunes trouble: Every time I try to backup my iPhone, AppleMobileBackup.exe starts, then goes to 0% CPU. Progress bar freezes.
07:41:16 PM October 13, 2011 from web
OK Internet... if anyone can help me with my iTunes backup trouble, I'd be eternally grateful and stop ranting about it. Please drop a line.
07:40:07 PM October 13, 2011 from web

FAXX Hack: Trazzler

Leave a Reply

Further Updates from Twitter

Search Archives

Facebook Page

Content License

Post Archives