Hi Sir,
This endpoint contains a specialized parameter that limits its usage to a small number of computers and users, preventing it from being used as a completely open redirect. For more detailed background information, please see this note by one of the engineers on the product: http://www.facebook.com/notes/facebook-security/link-shim-protecting-the-people-who-use-facebook-from-malicious-urls/10150492832835766
=================================================================
Facebook Open Redirect Vulnerability
=================================================================
Affected Application : Main Website
Severity : Medium
Local/Remote : Remote
Vulnerable url : http://facebook.com/l.php?
[Summary]
Due to a parameter filtering weakness any supplied input is accepted; as result redirects a user to the parameter value without any validation.
Note: This vulnerability works for only few users, It won't work for every one.
Upadate: If the URL mentioned above does not work, kindly try the following:
www.facebook.com/l.php?u=https://google.com&h=YAQH4kMuY&s=1
No comments:
Post a Comment