Full Disclosure mailing list archives
Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
From: Alfie John <alfiej () fastmail fm>
Date: Thu, 12 Feb 2015 12:03:09 +1100
On Thu, Feb 12, 2015, at 02:10 AM, Scott Arciszewski wrote:
>> Security Risk:
>> ==============
>> The security risk of the security vulnerability in the facebook framework is estimated as critical. (CVSS 9.1)
>
> Care to run that calculation by us?

If this does work, you'd be able to enumerate _all_ Facebook users and delete _all_ public comments. I'd say that's pretty critical.

Alfie

--
Alfie John
alfiej () fastmail fm

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/