Bug Bounty

Mon 10 Oct

Facebook API v2.1 hit by RFC6749 Open Redirect Attack Vulnerability

The Vulnerability Laboratory core team researcher SaifAllah benMassaoud discovered a zero-day RFC6749 Open Redirector Attack vulnerability in Facebook API v2.1. The vulnerability allows a remote attacker to prepare manipulated, specially crafted client-side application-to-browser requests that take users to an arbitrary website; the target website could then be used to serve a malware attack.

Sat 03 Sep

Parse HTTP Host Header Attack - Redirect Bug

The Vulnerability Laboratory core research team (SaifAllah benMassaoud) discovered an HTTP Host header attack (injection and redirection) via `X-Forwarded-Host` in the official Parse online service web application. The host header can be changed to something outside the target domain, causing the application to redirect to an attacker's malicious site. The vulnerability is located in the GET method requests of the `/user_session/new/` and `/account/plan/` modules.
 
