Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Serious XSS vulnerability discovered in Facebook

Anonymous Coward writes | more than 7 years ago

Security 0

An anonymous reader writes "A new XSS vulnerability was found in Facebook, allowing executable code to be injected in a user's profile; this compromises the security of both the profile owner and all profile viewers. The article includes a sketch of the attack, a white paper that gives a detailed explanation of how such an attack can be used, and a video demo. Facebook is set up so that once a single hidden value has been obtained, any form can be submitted with that user's credentials. One would think that XSS vulnerabilities are common and serious enough that Facebook would have set up their site so that the entire site is not laid open by a single attack. (The article does not disclose the location of the XSS hole since it has not yet been patched.)"
Link to Original Source

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?