Re: [Full-disclosure] Facebook URL redirection issue



On Sun, Apr 3, 2011 at 4:26 PM, Javier Bassi <javierbassi@xxxxxxxxx> wrote:

Reported this issue to Facebook team on 03/22/11 and Facebook team
acknowledged this issue on 03/29/11 and fixed this vulnerability.

They still have redirects on apps made by their users, and they don't care
http://apps.facebook.com/truthsaboutu/track.php?r=http://www.google.com
and if someone falls in basic phishing with facebook domain, he will
fall with apps.facebook subdomain too.

Btw, linkedin has open redirect too and they couldn't care less about it
http://www.linkedin.com/redirect?url=www.google.com


Probably because it's not a big deal?

What next, an advisory about how massive quantities of "open redirectors"
have been found on bit.ly, goo.gl and tinyurl.com ?


Cheers
Chris



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/