Tài Liệu Hack + Crack: How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account (Without App "Allow" Interaction)

Chủ Nhật, 10 tháng 3, 2013

How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account (Without App "Allow" Interaction)

Hi,

I decided to share one of my favorite flaws i discovered in facebook.com,

This flaw allowed me to take a full control over any Facebook account,

By exploiting this flaw I could steal unique access tokens that provides me full control over any Facebook account,

just to clarify there is no need for any installed apps on the victim's account, Even if the victim never allowed any application in his Facebook account, I could still be getting full permissions (This bug works on any browser)

To make this exploit work, The victim only need to visit a webpage,
So OAuth is used by Facebook to communicate between Applications and Facebook users, Usally users must allow/accept the application request to access their account before the communication can start.

Tài Liệu Hack + Crack

Chủ Nhật, 10 tháng 3, 2013

How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account (Without App "Allow" Interaction)

Không có nhận xét nào:

Đăng nhận xét