You are here

HomeBug Bounty › Whitehat Hacker discovered details of an application-side Facebook Studio Dashboard Vulnerability ›

Whitehat Hacker discovered details of an application-side Facebook Studio Dashboard Vulnerability

Submitted by Editorial_Staff_Team on Fri, 12/12/2014 - 13:00

Whitehat Hacker discovered details of an application-side Facebook Studio Dashboard Vulnerability

The independent vulnerability laboratory researcher paulos yibelo discovered an application-side vulnerability in the official facebook studio online-service. The vulnerability has been tracked with ID "219162244" in the official bug bounty program.

The vulnerability is located in the dashboard module of the facebook studio service. Remote attackers are able to inject own script codes to the mobile client of facebook. After the inject of the payload the attacker can visit the dashboard service to execute the script codes. The vulnerability was disclosed during a pentest of the htmlentities on fb mobile client to the facebook studio service. The attack vector of the issue is persistent and the request method to inject is POST.

The security risk of the persistent vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the persistent security vulnerability requires a low privileged web-application user account and medium user interaction. Successful exploitation of the vulnerability results in persistent phishing attacks, persistent session hijacking attacks, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context.  

Request Method(s):
POST

Vulnerable Module(s): Input
https://m.facebook.com/editprofile.php?type=contact&edit=website&refid=17

Affected Module(s): Output
https://www.facebook-studio.com/dashboard#_=_

Manual steps to reproduce the vulnerability

1. Open the following fb mobile webpage https://m.facebook.com/editprofile.php?type=contact&edit=website&refid=17 Note: (using Firefox)

2. Then remove all the URLs you have (if you have any)

3. Add for example "https://somethinag.com/"onmouseover="alert(31337);­." (without the quotes)

4. After that surf to https://www.facebook-studio.com/dashboard#_=_ and you will have your stored XSS. Note: Facebook didnt use htmlentity to the url when processing to add it in the database. When-ever being rendered, it wont be a second-order-injection.

5. Successful reproduce of the vulnerability! The full payload you need to add to your website is ... PoC: https://url-source.com/"style="font-size:900px;"onmouseover="alert(31337);­.

Note: The full payload you need to add to your website is listed above.

Advisory: https://vulnerability-lab.com/get_content.php?id=1368

Rate this article: 
Average: 3.3 (1262 votes)

Comments

Submitted by HamzaWhitehat on Tue, 08/11/2015 - 22:30

awesome

Submitted by TomHack on Wed, 07/27/2016 - 12:40

Important part of anybody life to be secured Sometimes really urgent to find or hire a hacker. We need to safe and protect our data and information from our cyber crime.

Submitted by Punit on Wed, 11/22/2017 - 12:02
Please share the method of connecting outside the network using Metasploit. I tried before but meterpreter does not work or we can say exploit is not working.. please share that method.

Submitted by NathanSon on Fri, 08/03/2018 - 01:42
Хорошее отношение к делу

Submitted by RogerThemi on Mon, 10/22/2018 - 14:36
exciting but simply marvelous

Submitted by walden farms re... on Tue, 11/20/2018 - 00:44
It's going to be ending of mine day, however before finish I am reading this article to increase my knowledge about inspiring whitehat hackers.

Add new comment

More information about text formats

Plain text

  • No HTML tags allowed.

Syndicate

Subscribe to Syndicate