Re: Facebook URL redirection issue

[Javier Bassi <javierbassi () gmail com>]

> Reported this issue to Facebook team on 03/22/11 and Facebook team acknowledged this issue on 03/29/11 and fixed this 
> vulnerability.

They still have redirects on apps made by their users, and they don't care
http://apps.facebook.com/truthsaboutu/track.php?r=http://www.google.com
and if someone falls in basic phishing with facebook domain, he will
fall with apps.facebook subdomain too.

Btw, linkedin has open redirect too and they couldn't care less about it
http://www.linkedin.com/redirect?url=www.google.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/