- dotTech - http://dottech.org -
Facebook system flaw gave a hacker access to every single person’s entire account
Posted By Enrique Manalang On February 26, 2013 @ 1:19 AM In World Wide Web
Nir Goldshlager runs a “Web Application Security Blog.” He has also found a variety of security holes and exploits on sites like Facebook, Twitter and PayPal. His latest discovery, however, was a glaring hole in Facebook’s OAuth system: Nir was able to find a flaw that gave him access to everyone’s entire Facebook account, without having to install anything or even click the “allow” button for apps.
“I found a way in to get full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos, etc.) over the victim account even without any installed apps on the victim account…”
Nir posted a video on his blog detailing his method.
Don’t bother trying this yourself though, as Facebook has already fixed it. But that doesn’t change the fact that there are such serious flaws in a site where more than a billion people have information stored. And what if Nir hadn’t discovered this and posted it for everyone to see?
URL to article: http://dottech.org/98519/facebook-system-flaw-gave-a-hacker-access-to-every-single-persons-entire-account/
URLs in this post:
 Image: http://dottech.org/wp-content/uploads/2013/02/facebook2.png
 Nir Goldshlager: http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html
 Gizmodo: http://gizmodo.com/5986710/a-facebook-privacy-flaw-gave-a-hacker-access-to-every-single-account?post=57755378