Monday, October 4, 2010

Facebook CSRF and XSS vulnerabilities


Facebook comes with an anti-CSRF system based on two tokens, called post_form_id and fb_dtsg. These tokens change frequently, and are certainly built upon several parameters including time of day, time of account creation, user id, and many others. Determining the values of these tokens for a specific user is, in our view, impossible.
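To illustrate why such a token cannot be computed by an outsider, here is an added example (not Facebook's code and not from the original post) of a token derived from the parameters named above. The HMAC construction, the server secret, the one-hour window and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import time

# Assumption: a secret known only to the server. The page does not describe
# how post_form_id or fb_dtsg are actually derived.
SERVER_SECRET = b"constructed-demo-secret-not-a-real-key"
WINDOW_SECONDS = 3600  # assumed rotation period


def _bucket(now):
    """Map a timestamp to the index of its rotation window."""
    return int(now) // WINDOW_SECONDS


def _mac(user_id, account_created, bucket):
    """Keyed digest over user id, account creation time and time window."""
    msg = f"{int(user_id)}|{int(account_created)}|{bucket}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(user_id, account_created, now=None):
    """Return a token bound to one user and to the current time window."""
    now = time.time() if now is None else now
    return _mac(user_id, account_created, _bucket(now))


def verify_token(token, user_id, account_created, now=None):
    """Accept the token only for the same user, in this or the previous window."""
    if not isinstance(token, str):
        return False
    now = time.time() if now is None else now
    current = _bucket(now)
    supplied = token.encode("utf-8", "replace")
    valid = False
    for bucket in (current, current - 1):
        expected = _mac(user_id, account_created, bucket).encode()
        # Constant-time comparison, so timing does not leak a partial match.
        if hmac.compare_digest(expected, supplied):
            valid = True
    return valid
```

Without the server secret the digest cannot be predicted, but any page that echoes a valid token to another origin defeats the scheme regardless of how the token is built.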

Fortunately, Facebook provides a functionality called “profile preview”, allowing users to see how their own profile appears to any other user. It can be accessed using the URL

More details: http://www.wargan.com/facebook-multiple-vulnerabilities-051010.php


About Me

A blog for research and development in information security, intended for posting the latest vulnerabilities and weaknesses. Founder darknessn1k0!4

 