

Hacker says security flaw let him access any Facebook profile - shirkey
http://news.cnet.com/8301-1023_3-57570811-93/hacker-says-security-flaw-let-him-access-any-facebook-profile

======
judofyr
Facebook's OAuth2 implementation is so broken. Homakov found a X-XSS-
Protection-related issue: [http://homakov.blogspot.no/2013/02/hacking-
facebook-with-oau...](http://homakov.blogspot.no/2013/02/hacking-facebook-
with-oauth2-and-chrome.html).

After reading Homakov's and Nir's discussions I started looking for some bugs
myself. And guess what? ~10 hours later I found _another_ access_token-
stealing exploit that has the same implications as Nir's exploit (although
mine doesn't work in all browsers). Reported it 2 days ago.

Wouldn't surprise me if there's more bugs/exploits to be discovered :(

~~~
itsnotvalid
And since Homakov gave quite a detailed description of the class of bugs, it
would be quite dangerous to use a browser with an active session to facebook
now.

------
sktrdie
No proof of the exploit?

~~~
delroth
Facebook acknowledged it and the researcher who found the vulnerability got a
bounty from FB.

