Security researcher Dan Melamed recently discovered a new vulnerability in Facebook. The open URL redirection flaw essentially allows an attacker to have a facebook.com link redirect to any other URL of their choice.
In a post on his site, Melamed gives a brief explanation of the flaw. The vulnerability could be used to trick a user into clicking what looks like a Facebook link when, in fact, that link redirects to a third-party website hosting malware.
For instance, if you click on the URL given below, you are redirected to Facebook’s home page:
But if you replace the URL at the end with an arbitrary string, a unique variable is generated and passed on to Facebook’s Linkshim. For instance, if you replace http://facebook.com/campaign/
Now, to redirect a valid Facebook URL to a URL of your own choosing, all you have to do is remove the ‘http://’ portion from it. In the case of http://facebook.com/campaign/
All an attacker needs to do is craft such a URL and then trick a Facebook user into clicking it. Facebook states that it is able to ban such automatic redirection through Facebook URLs because it uses the l.php method. But as Melamed says, “Not all malware/spam can be caught by facebook, and by the time a link is banned, an attacker would have already moved on to another link.”
The proof-of-concept video of the exploit is posted above. Melamed was lucky that Facebook responded promptly to his report, accepted it as a valid finding, and paid him a $1000 reward.
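As an added example (not code from Melamed's post or from Facebook), the Python below contrasts a weak redirect check of the kind the scheme-stripping trick above defeats with a validator that only accepts site-relative paths or allowlisted hosts. The host allowlist and the sample targets are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: hosts a redirect parameter may
# legitimately send the browser to. A real site would use its own list.
ALLOWED_HOSTS = {"facebook.com", "www.facebook.com"}


def naive_is_internal(target: str) -> bool:
    """Weak check in the spirit of the bug described above: only targets
    that spell out an http(s) scheme are treated as external. Dropping the
    scheme (e.g. a scheme-relative '//host/') slips past it."""
    return not (target.startswith("http://") or target.startswith("https://"))


def is_safe_redirect(target: str) -> bool:
    """Accept a redirect target only if it is a plain site-relative path or an
    absolute http(s) URL whose host is on the allowlist."""
    # Backslashes and control characters are normalised by some browsers
    # (e.g. '\\' to '/'), so refuse them outright rather than reasoning about them.
    if any(c in target for c in "\\\r\n\t\x00"):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: the parsed host must be allowlisted and
        # the scheme must be http(s). 'user@host' tricks fail here because
        # .hostname returns the real host, not the userinfo prefix.
        return (parts.scheme in ("http", "https")
                and bool(parts.netloc)
                and parts.hostname in ALLOWED_HOSTS)
    # No scheme and no netloc: require exactly one leading slash. '//' and
    # '///' are rejected because browsers resolve those to a new host.
    return target.startswith("/") and not target.startswith("//")


if __name__ == "__main__":
    # Constructed targets; 'evil.example' is a placeholder attacker host.
    for t in ["/campaign/landing", "http://evil.example/", "//evil.example/",
              "https://www.facebook.com/campaign/", "/\\evil.example"]:
        print(f"{t!r:40} naive={naive_is_internal(t)!s:5} safe={is_safe_redirect(t)}")
```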
Source: Dan Melamed
Courtesy: The Hacker News