Full Disclosure mailing list archives

Re: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability


From: Alfie John <alfiej () fastmail fm>
Date: Thu, 12 Feb 2015 12:03:09 +1100

On Thu, Feb 12, 2015, at 02:10 AM, Scott Arciszewski wrote:

> > Security Risk:
> > ==============
> > The security risk of the security vulnerability in the facebook
> > framework is estimated as critical. (CVSS 9.1)
>
> Care to run that calculation by us?

If this does work, you'd be able to enumerate _all_ Facebook users and
delete _all_ public comments. I'd say that's pretty critical.

Alfie

-- 
  Alfie John
  alfiej () fastmail fm

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/