Full Disclosure mailing list archives
Re: Facebook URL redirection issue
From: Chris Evans <scarybeasts () gmail com>
Date: Sun, 3 Apr 2011 23:22:16 -0700
On Sun, Apr 3, 2011 at 4:26 PM, Javier Bassi <javierbassi () gmail com> wrote:
Reported this issue to Facebook team on 03/22/11 and Facebook teamacknowledged this issue on 03/29/11 and fixed this vulnerability. They still have redirects on apps made by their users, and they don't care http://apps.facebook.com/truthsaboutu/track.php?r=http://www.google.com and if someone falls in basic phishing with facebook domain, he will fall with apps.facebook subdomain too. Btw, linkedin has open redirect too and they couldn't care less about it http://www.linkedin.com/redirect?url=www.google.com
Probably because it's not a big deal? What next, an advisory about how massive quantities of "open redirectors" have been found on bit.ly, goo.gl and tinyurl.com ? Cheers Chris
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Facebook URL redirection issue kiran Maraju (Apr 03)
- Re: Facebook URL redirection issue Javier Bassi (Apr 03)
- Re: Facebook URL redirection issue Chris Evans (Apr 03)
- Re: Facebook URL redirection issue Christian Sciberras (Apr 03)
- Re: Facebook URL redirection issue Chris Evans (Apr 03)
- Re: Facebook URL redirection issue Javier Bassi (Apr 03)