Sunday, May 9, 2010

Facebook redirection XSS

The above mentioned URL can be manipulated by appending a malicious encoded URL and can be used for phishing purposes. However, Facebook does not allow illegitimate redirections, so a warning page is displayed.

However, if the redirection is made through a Facebook application or another trusted source, the user can be sent straight to a phishing page without that warning.
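As an added illustration (not code from the original post or from Facebook), here is a validator for a user-supplied redirect parameter that mirrors the behaviour described above from the defender's side: same-origin or allow-listed targets go straight through, other well-formed external URLs get the interstitial warning page, and encoded or malformed targets that could smuggle in a different host are refused. The host names in the allow-list and in the comments are constructed placeholders.

```python
from urllib.parse import urlsplit, unquote

# Constructed allow-list: hosts the redirect endpoint may send users to without a warning page.
TRUSTED_HOSTS = {"example.com", "www.example.com"}


def _fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so an encoded '//' or scheme cannot hide the real target."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_redirect(target: str) -> str:
    """Decide what a redirect endpoint should do with a user-supplied target.

    Returns 'redirect' (send the user straight on), 'warn' (show the interstitial
    warning page) or 'reject' (refuse the target entirely).
    """
    decoded = _fully_decode(target.strip())
    # Browsers treat backslashes as slashes in URLs, so '/\evil' would become '//evil'.
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("//"):
        return "reject"            # protocol-relative URL: the host is chosen by the attacker
    parts = urlsplit(decoded)
    if not parts.scheme and not parts.netloc:
        # Path-only target stays on this origin; anything else (e.g. 'evil.com/x') is ambiguous.
        return "redirect" if decoded.startswith("/") else "reject"
    if parts.scheme not in ("http", "https"):
        return "reject"            # javascript:, data: and similar are never redirect targets
    if "@" in parts.netloc or not parts.hostname:
        return "reject"            # 'trusted.com@evil.com' would fool a naive prefix check
    if parts.hostname.lower() in TRUSTED_HOSTS:
        return "redirect"
    return "warn"                  # external but well-formed: show the warning page
```

The same check should run for every caller, including applications the platform trusts; exempting trusted sources from it is exactly the gap the post points out.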