facebook Password Reset Vulnerability Found in

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, 10 May 2012

Facebook Bug #3: Arbitrary File Upload Vulnerability Found in attachments.facebook.com

Posted on 21:22 by freda
DescriptionSow Ching Shiong, an independent vulnerability researcher has discovered an Arbitrary File Upload vulnerability in attachments.facebook.com, which can be exploited by an attacker to compromise a victim's computer system.Proof of conceptHTTP Request===========POST /ajax/messaging/upload.php HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows...
Read More
Posted in Arbitrary File Upload, Facebook | No comments

Thursday, 3 May 2012

Facebook Bug #2: Arbitrary File Upload Vulnerability Found in attachments.facebook.com

Posted on 02:17 by freda
DescriptionSow Ching Shiong, an independent vulnerability researcher has discovered an Arbitrary File Upload vulnerability in attachments.facebook.com, which can be exploited by an attacker to compromise a victim's computer system.Proof of conceptHTTP Request===========POST /ajax/messaging/upload.php HTTP/1.1Host: attachments.facebook.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1Accept:...
Read More
Posted in Arbitrary File Upload, Facebook | No comments

Microsoft Bug #1: Cross-Site Scripting (XSS) Found in connect.microsoft.com

Posted on 02:04 by freda
DescriptionSow Ching Shiong, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in connect.microsoft.com, which can be exploited by an attacker to conduct XSS attacks.Proof of conceptTested in IE9 with XSS filter enabled============================http://connect.microsoft.com/sqlserver/searchresults.aspx?UserHandle=%2522%253E%2527%253E%253Cscript%2520%253Ealert%2528/XSS by Sow Ching Shiong/%2529%253B%253C%252Fscript%2520%253EConclusionThis...
Read More
Posted in Microsoft, XSS | No comments

Facebook Bug #1: Arbitrary File Upload Vulnerability Found in attachments.facebook.com

Posted on 01:50 by freda
DescriptionSow Ching Shiong, an independent vulnerability researcher has discovered an Arbitrary File Upload vulnerability in attachments.facebook.com, which can be exploited by an attacker to compromise a victim's computer system.Proof of conceptHTTP Request===========POST /ajax/messaging/upload.php HTTP/1.1Host: attachments.facebook.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1Accept:...
Read More
Posted in Arbitrary File Upload, Facebook | 17 comments
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)

Popular Posts

  • Facebook Bug #1: Arbitrary File Upload Vulnerability Found in attachments.facebook.com
    Description Sow Ching Shiong, an independent vulnerability researcher has discovered an Arbitrary File Upload vulnerability in attachments.f...
  • Pligg CMS 1.1.4 Cross-Site Scripting (XSS) Vulnerability
    Description Pligg is an open source CMS (Content Management System) that you can download and use for free. Pligg CMS provides social publis...
  • Sybase EAServer 6.3.1 Directory Traversal Vulnerability
    Description Sybase EAServer is the leading solution for distributed and Web-enabled PowerBuilder applications. EA Server can be used to run ...
  • Microsoft Bug #1: Cross-Site Scripting (XSS) Found in connect.microsoft.com
    Description Sow Ching Shiong, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in connect.m...
  • Trend Micro Control Manager 5.5 Directory Traversal Vulnerability
    Description Trend Micro Control Manager provides a convenient centralized security management console that is designed to minimize administr...
  • Facebook Bug #4: Password Reset Vulnerability Found in www.facebook.com
    Description Sow Ching Shiong, an independent vulnerability researcher has discovered a Password Reset vulnerability in www.facebook.com, whi...
  • Oracle Secure Backup 10.3.0.3.0 Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities
    Description Oracle Secure Backup is a general-purpose network data protection tool that simplifies and automates the backup and restore of f...
  • F-Secure Policy Manager Web Reporting 9.00.30231 Path Disclosure and Cross-Site Scripting (XSS) Vulnerability
    Description F-Secure Policy Manager Web Reporting allow administrators to identify computers that are unprotected or vulnerable to virus out...
  • FileCOPA FTP Server 5.02 Directory Traversal Vulnerability
    Description FileCOPA is a commercial FTP server for Windows that is available as shareware. Sow Ching Shiong, an independent vulnerability r...
  • HP System Management Homepage 6.2.2.7 Cross-Site Request Forgery (CSRF) Vulnerability
    Description HP System Management Homepage is a web-based interface that consolidates and simplifies the management of individual ProLiant an...

Categories

  • Adobe
  • Apache
  • Apple
  • Arbitrary File Upload
  • CSRF
  • Directory Traversal
  • F-Secure
  • Facebook
  • HP
  • Microsoft
  • Oracle
  • Password Reset
  • SQL Injection
  • Sybase
  • Symantec
  • Trend Micro
  • Twitter
  • XSS

Blog Archive

  • ►  2013 (1)
    • ►  January (1)
  • ▼  2012 (25)
    • ►  July (1)
    • ▼  May (4)
      • Facebook Bug #3: Arbitrary File Upload Vulnerabili...
      • Facebook Bug #2: Arbitrary File Upload Vulnerabili...
      • Microsoft Bug #1: Cross-Site Scripting (XSS) Found...
      • Facebook Bug #1: Arbitrary File Upload Vulnerabili...
    • ►  April (20)
Powered by Blogger.

About Me

freda
View my complete profile