News 1 — Critical CSRF Vulnerability

Critical CSRF Vulnerability Discovered In Facebook


Recently, bug bounty hunter Youssef Sammouda found a critical cross-site request forgery (CSRF) bug in the Facebook platform. This CSRF vulnerability could allow an attacker to take over accounts effortlessly. Sammouda has detailed his findings in a blog post. Explaining the flaw, he wrote, “This is possible because of a vulnerable endpoint which takes another given Facebook endpoint selected by the attacker along with the parameters and make a POST request to that endpoint after adding the fb_dtsg parameter.” The vulnerable endpoint, as highlighted, was https://www.facebook.com/comet/dialog_DONOTUSE/?url=XXXX. Here, XXXX denotes the...
