Sunday, May 9, 2010

Facebook redirection XSS


Exploit: Facebook XSS Redirection



The above-mentioned URL can be manipulated by appending a malicious encoded URL and can be used for phishing purposes. However, Facebook doesn't allow illegitimate redirections, so a warning page is displayed.





However, if this redirection is through a Facebook application or trusted source, the person can be redirected to a phishing page.
