
Submission: Serious XSS vulnerability discovered in Facebook (virginia.edu)

An anonymous reader writes: A new XSS vulnerability was found in Facebook, allowing executable code to be injected in a user's profile; this compromises the security of both the profile owner and all profile viewers. The article includes a sketch of the attack, a white paper that gives a detailed explanation of how such an attack can be used, and a video demo. Facebook is set up so that once a single hidden value has been obtained, any form can be submitted with that user's credentials. One would think that XSS vulnerabilities are common and serious enough that Facebook would have set up their site so that the entire site is not laid open by a single attack. (The article does not disclose the location of the XSS hole since it has not yet been patched.)
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
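
The design point raised in the submission, that a single hidden value accepted by every form exposes the whole site once it leaks, shown as an added example (not code from the article or from Facebook): a site-wide form token beside one bound to the session and the form action. The function names, paths, session ids and key are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key; a real deployment loads this from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def site_wide_token(session_id: str) -> str:
    """Weak design: one hidden value per session, accepted by every form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_site_wide(session_id: str, action: str, token: str) -> bool:
    # The action is ignored, so one leaked value authorises all of them.
    return hmac.compare_digest(site_wide_token(session_id), token)


def action_token(session_id: str, action: str) -> str:
    """Scoped design: the token is bound to the session and one form action."""
    # Length prefix keeps (session, action) pairs from colliding when joined.
    msg = len(session_id).to_bytes(4, "big") + session_id.encode() + action.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def check_action(session_id: str, action: str, token: str) -> bool:
    return hmac.compare_digest(action_token(session_id, action), token)


def demo() -> dict:
    session = "sess-constructed-1234"  # constructed sample session id
    leaked_global = site_wide_token(session)
    leaked_scoped = action_token(session, "/profile/edit")
    return {
        "global_reused_on_other_form": check_site_wide(session, "/settings/email", leaked_global),
        "scoped_on_own_form": check_action(session, "/profile/edit", leaked_scoped),
        "scoped_reused_on_other_form": check_action(session, "/settings/email", leaked_scoped),
        "scoped_reused_in_other_session": check_action("sess-other", "/profile/edit", leaked_scoped),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Scoping narrows what one leaked value is good for; script running inside the site's own origin can still read each form it loads, so output encoding of profile content remains the primary fix for the XSS itself.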
