Full Disclosure mailing list archives
Re: Clickjacking (?) on Facebook.com (Question)
From: Jann Horn <jann () thejh net>
Date: Thu, 12 Dec 2013 20:07:49 +0100
On Wed, Dec 11, 2013 at 10:18:09PM +0100, Stefan Schurtz wrote:
it is possible to load "https://www.facebook.com/login/reauth.php?next=https://www.facebook.com/confirmphone.php&display=popup" in another page.
[...]
My question: is this really not a security problem on Facebook?
It's say it is a problem, especially given that drag/drop isn't blocked on that page. Did you report this to Facebook yet?
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Clickjacking (?) on Facebook.com (Question) Stefan Schurtz (Dec 11)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Stefan Schurtz (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Nahuel GrisolĂa (Dec 13)
- Re: Clickjacking (?) on Facebook.com (Question) Stefan Schurtz (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Michal Zalewski (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)
- Re: Clickjacking (?) on Facebook.com (Question) Jann Horn (Dec 12)