#RAWPASTE #FACEBOOK #UGETIT? #FACE #BOOK #LULZ #SECURE #MIRRORS @CannibalSec
Mirror 1: http://www.anonpaste.me/anonpaste2/index.php?b2e741b1ded1f93b #crtF5HouxNltwm5WgW7r6dzaKDLkJETXnksmiiSpJfs=
Mirror 2: http://www.anonpaste.me/anonpaste2/index.php?d077018d732ae7f3 #wjgnIVsYzvqHAbtQWOwfSgYtaV7/19j8vC7foA7y1CY=
FACEBOOK EXPLOITS AND VULNERABILITIES FOUND BY: #CANNIBALSEC
============================================================================
Exploit 1: Cross-domain JavaScript source file inclusion
The page at the following URL includes one or more script files from a third-party domain
http://www.facebook.com/badges/?ref=pf
http://b.static.ak.fbcdn.net/rsrc.php/v2/y6/r/Oczn1YJD530.js
How to fix??
------------
Ensure JavaScript source files are loaded only from trusted sources, and that those sources cannot be controlled by end users of the application.
============================================================================
Exploit 2: Cookie set without HttpOnly flag
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
http://www.facebook.com/directory/people/
reg_ext_ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com
How to fix??
------------
Ensure that the HttpOnly flag is set for all cookies.
============================================================================
Exploit 3: Cross Site Request Forgery
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
http://www.facebook.com/appcenter/category/music/?ref=pf
How to fix??
------------
Use a vetted library or framework that does not allow this weakness to occur, or that provides constructs that make this weakness easier to avoid.
============================================================================
Exploit 4: X-Content-Type-Options header missing
The anti-MIME-sniffing header X-Content-Type-Options was not set to 'nosniff'.
http://www.facebook.com/privacy/explanation
How to fix??
------------
This check is specific to Internet Explorer 8 and Google Chrome. Ensure each page sets a Content-Type header, and set the X-Content-Type-Options header (to 'nosniff') wherever the Content-Type header is unknown, so the browser does not guess the content type.
============================================================================
Exploit 5: X-Frame-Options header not set
The X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
http://www.facebook.com/privacy/explanation
How to fix??
------------
Most modern web browsers support the X-Frame-Options HTTP header; ensure it is set on all web pages returned by your site. If you expect the page to be framed only by pages on your own server (e.g. it is part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY.
============================================================================
Exploit 6: Information disclosure - sensitive information in URL
The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
http://www.facebook.com/photo.php?v=4809778200644
The URL contains credit card information. Parameter: v, value: 4809778200644
How to fix??
------------
Do not pass sensitive information in URIs.
============================================================================
Exploit 7: Password Autocomplete in browser
The AUTOCOMPLETE attribute is not disabled on an HTML FORM/INPUT element containing a password-type input. Passwords may be stored in the browser and retrieved.
http://www.facebook.com/r.php
How to fix??
------------
Turn off the AUTOCOMPLETE attribute on the form, or on the individual input elements containing a password, by using AUTOCOMPLETE='OFF'.
============================================================================
Exploit 8: Cookie set without secure flag
A cookie has been set without the secure flag, which means that the cookie can be sent over unencrypted connections.
https://www.facebook.com/ajax/intl/language_dialog.php?uri=https%3A%2F%2Fwww.facebook.com%2Fomaha%2F
datr=6Nn_UDgHVa7GDn6y0D3JRQtJ; expires=Fri, 23-Jan-2015 12:39:04 GMT; path=/; domain=.facebook.com; httponly
How to fix??
------------
Whenever a cookie contains sensitive information or is a session token, it should always be passed over an encrypted tunnel. Ensure that the secure flag is set for cookies containing such sensitive information.
============================================================================