Reported By: Tom Eston
Current Monthly Active Users: 674,027
Current Rank on Application Leaderboard: 164
Application Developer: Ninua, Inc.
Responsiveness: Ninua responded quickly and issued a patch within 24 hours. Furthermore, they went back and scanned all of their pages for holes, then did a second sweep the next week.
Vulnerability Status: Patched
- One could insert FBML into the Link Name field for links in a user’s profile. This code would then be rendered when someone viewed the profile.
- At least one page appeared to have a SQL injection hole. As an example, searching for \’test producing a lengthy SQL error.
- One page, http://apps.facebook.com/blognetworks/userpage.php, was vulnerable to both SQL injection and XSS by inserting text into the uid parameter, such as \<img src=””>.
Notes: This is the first example of a persistent XSS hole in a Facebook application that I became aware of, and full credit for the find goes to security researcher Tom Eston, one of the main people behind SocialMediaSecurity.com.
Share with your friends!