Thursday, September 3, 2009

Pingie: HTTP:: Top Facebook Applications Vulnerable to XSS and SQLi

A Web security researcher has disclosed cross-site scripting weaknesses in the two most popular Facebook applications. He claims to have found similar flaws affecting other apps as well, including an SQL injection vulnerability in a Facebook-verified one.

The self-confessed white hat hacker goes by the online handle of "theharmonyguy" and focuses on social networking application security research. According to his own account, during the month of September, he will be disclosing vulnerabilities in top Facebook applications, following the model of Aviv Raff's "Month of Twitter Bugs" initiative.

During August, reputed security researcher Aviv Raff disclosed vulnerabilities in various Twitter applications in order to raise awareness regarding a new type of vulnerability, which he documented back in May. Dubbed "Cross-Web2.0 Scripting" by Raff, the new attack technique involves compromising a website's security by exploiting a vulnerability in a third-party application that is authorized to use its API.

Theharmonyguy's first victims for his "Month of Facebook Bugs" were "FarmVille" and "Causes." These two extremely popular applications are currently ranked as number 1 and 2 on Facebook's application leaderboard. FarmVille has a staggering number of 33,439,207 monthly active users, while Causes...
--------
http://news.softpedia.com/news/Top-Facebook-Applications-Vulnerable-to-XSS-and-SQLi-120823.shtml
--------