Home / Vulnerability / Facebook URL redirection vulnerability discovered – Video

Facebook URL redirection vulnerability discovered – Video

The founder of illsecure.com, Junaid Hussain  has discovered a minor system flaw , URL redirection vulnerability, in Facebook.

Because the flaw can not cause much security issue, the security researcher published its details and explained in his website.

“The parameter ‘redirect_uri’ suffers from an open redirect vulnerability but the parameters ‘app_id’ or ‘client_id’ are required for a redirect to take place so therefore they must be given a value, but as there is no validity checks in place any random INVALID value is accepted.”

The security flaw is accordingly already reported to Facebook, and the Facebook Security Team is currently working on fixing this vulnerability.

Hussain added that, “an attacker can add a random invalid value to the parameters “app_id” and/or “client_id” and then change the value of the parameter “redirect_uri” and redirect facebook users to malicious sites such as phishing sites or sites with malware. ”

Source: illSecure.com

About Clifford Trigo

Hi there! I am Clifford Trigo from the island of Bohol, come over here and lets have fun! :3 Just keep reading :D