Facebook 2015 (Video) - Filter Bypass & Unauthorized Exception Redirect Vulnerability
A filter validation issue is existant in the exception-handling that normally redirects to the original facebook source. Ever if an error comes up the website will show the context in the secure exception and redirects on okey click to the original valid source. In case of terminating the string (%00%00_%3F) with extended <_ it is possible to bypass the exception-handling filter exception to redirect invalid source to an external target.
The video demonstrates how to bypass the filter validation by confusing the context copying with the non encoded url that invalid. By generating a payload that is ahead in the display value and atleast in the url ref the target exception redirect can be manipulated.
Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020
Facebook Security - 12.500$ Bug Bounty reward to Security Researcher
Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal
Shopify | Buy Button | Persistent Embed POST Inject Vulnerability