
Critical Facebook vulnerability allows account hacking

Security expert Dan Melamed discovered a critical Facebook vulnerability that would allow an attacker to take complete control over any account.

The flaw, which would allow an attacker to take complete control over any account, was discovered by Dan Melamed, a security researcher, web developer, self-employed internet marketer, and entrepreneur.

Dan was recently featured on Facebook’s Whitehat page. The researcher revealed that if the victim is logged into Facebook, it is enough to induce him to visit a website link that, once loaded, allows the attacker to reset the victim’s password.

The Facebook vulnerability is related to the “claim email address” component of the popular social network.

[Image: Facebook vulnerability, claim email address]

If a user tries to add an email address already known to the Facebook platform, he has the option to “claim it”.

The Facebook vulnerability is the lack of a check on the account that makes the claim request, which allows an email to be claimed by any Facebook account.

The attack technique has the following prerequisites:

  • An existing account having the email address that the attacker wants to claim.
  • Another existing account to initiate the claim process.

POC

When a user makes a claim request for an @hotmail.com email address, he is taken to a link that looks like this:

https://www.facebook.com/support/openid/proxy_hotmail.php?appdata[fbid]=AQ3Tcly2XEfbzuCqyhZXfb8_hYHTnHPPd-CDsvdrLzDnWLpsKTMcaXtIzV0qywEwbPs

The researcher found that the parameter appdata[fbid] was the encrypted email address. For the proof of concept, the encrypted email used was “funnyluv196@hotmail.com”. The link redirects the user to the sign-in page for Hotmail.

“You must sign in with the email address that matches the encrypted parameter. Once signed in, you are taken to a final link that looks like this:”
https://www.facebook.com/support/openid/accept_hotmail.php?appdata=%7B%22fbid%22%3A%22AQ3Tcly2XEfbzuCqyhZXfb8_hYHTnHPPd-CDsvdrLzDnWLpsKTMcaXtIzV0qywEwbPs%22%7D&code=a6893043-cf19-942b-c686-1aadb8b21026

Analyzing the source code of the returned page shows that the claim email process has succeeded:

 <script type="text/javascript">window.opener.location.href = "\/claim_email\/add_email\/check_code?email=funnyluv196\u002540hotmail.com&openid=1"; window.close();</script>

Dan Melamed noted two important aspects of exploiting the Facebook vulnerability:
– The link expires in around 3 hours, giving plenty of time for a hacker to use it.
– It can be visited on any Facebook account because there is no check to see who made this request.

To trick the victim, the hacker just has to insert the following link on a webpage as either an image or an iframe.

Example:

<img src="https://www.facebook.com/support/openid/accept_hotmail.php?appdata=%7B%22fbid%22%3A%22AQ3Tcly2XEfbzuCqyhZXfb8_hYHTnHPPd-CDsvdrLzDnWLpsKTMcaXtIzV0qywEwbPs%22%7D&code=a6893043-cf19-942b-c686-1aadb8b21026" width="0" height="0"/>

The attacker then induces the victim to load that page by sending the victim a link to it (http://evilsite.com/evilpage.html).

“Once clicked, the email (in this case: funnyluv196@hotmail.com) is instantly added to their Facebook account. The victim does not receive any notification whatsoever that this email has been added. The hacker can then reset the victim’s password using the newly added email address. Thus allowing the attacker to take complete control over the Facebook account.”

[Video: Facebook vulnerability proof of concept]

This vulnerability has been confirmed to be patched by the Facebook Security Team. Fortunately, the group is very responsive, as demonstrated by its fixes for other recent flaws. The popular social networking platform is very attractive to cybercrime and many other categories of attackers, so cyber security is a critical aspect of its business success.
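The missing check described above (nothing verified which account made the claim request) can be illustrated with a short server-side sketch. This is an added example, not Facebook's code and not a description of how Facebook fixed the flaw; the token format, function names, key and account IDs are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
TTL_SECONDS = 3 * 3600             # the article says the link lived for around 3 hours


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()


def issue_claim_token(email: str, initiator_id: int, now: float) -> str:
    """Bind the claim to the email AND to the account that started it."""
    body = json.dumps({"email": email, "uid": initiator_id,
                       "exp": int(now) + TTL_SECONDS}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()


def _decode(token: str, now: float):
    """Return the claim dict if signature and expiry are valid, else None."""
    try:
        encoded, sig = token.rsplit(".", 1)
        body = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:             # malformed token or bad base64
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return None
    claim = json.loads(body)       # safe to parse: the signature covered these bytes
    return claim if now <= claim["exp"] else None


def accept_claim_flawed(token: str, session_uid: int, now: float):
    """Behaviour the article describes: the email is added to whichever
    logged-in account loads the link."""
    claim = _decode(token, now)
    return (session_uid, claim["email"]) if claim else None


def accept_claim_checked(token: str, session_uid: int, now: float):
    """Same flow, but only the account that initiated the claim may finish it."""
    claim = _decode(token, now)
    if claim is None or claim["uid"] != session_uid:
        return None                # wrong account, expired, or tampered token
    return (session_uid, claim["email"])
```

Because the final step in the article is a GET request that changes account state, a binding check like this belongs alongside the usual anti-CSRF measures (state changes only on POST with a per-session token), not in place of them.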

Pierluigi Paganini

(Security Affairs – Facebook vulnerability, hacking)