Technological News Portal

Open URL Redirection Vulnerability Discovered In Facebook

Security researcher Dan Melamed recently discovered a new vulnerability in Facebook. The open URL redirection vulnerability essentially allows a potential hacker to have facebook.com redirected to any other URL of his choice.


Facebook

In a post penned down on his site, Melamed has given a brief explanation of the flaw. This vulnerability could be used to trick a user into clicking on a Facebook link when in fact, that link could be redirecting to some other third-party website containing nefarious malware.

For instance, if you click on the URL given below, you are redirected to Facebook’s home page:

http://facebook.com/campaign/landing.php?url=http://yahoo.com

But if you replace the URL at the end with some other random string, a unique variable is generated and passed on to Facebook’s Linkshim. For instance, if you replace http://facebook.com/campaign/landing.php?url=http://yahoo.com with http://facebook.com/campaign/landing.php?url=asdf, the URL parameter is passed on to Facebook’s Linkshim in the following form: http://www.facebook.com/l.php?u=asdf&h=mAQHgtP_E

Now, to redirect a valid Facebook URL to a URL of your own liking, all you have to do is take out the ‘http://’ portion out of it. In the case of http://facebook.com/campaign/landing.php?url=http://yahoo.com, if you enter http://facebook.com/campaign/landing.php?url=yahoo.com it automatically takes the user to yahoo.com.

All a hacker needs to do is craft a URL like that and then trick a Facebook user into clicking it. Facebook cites that it is able to ban such automatic redirection using Facebook URLs because it uses I.php method. But like Melamed says, “Not all malware/spam can be caught by facebook, and by the time a link is banned, an attacker would have already moved on to another link.”

The proof-of-concept video of the exploit is posted above. Melamed was lucky that Facebook responded timely to his report and approved it as a valid exploit, paying him $1000 as a reward.

Source: Dan Melamed

Courtesy: The Hacker News

[ttjad keyword=”cloud-storage-drive”]

You might also like
Why Not Join 250,000+ Readers, Like You!
AND GET OUR LATEST CONTENT IN YOUR INBOX

SUBSCRIBE 
Your information will never be shared
close-link