White paper on Facebook XSS

Adrienne Felt is a student of University of Virginia's School of Engineering, double majoring in computer science (B.S.) and mathematics. She is "currently examining the Facebook  Platform as a case study on the security of mashups", and recently discovered a serious XSS vulnerability affecting the popular social networking website.

Quoting from her e-mail about the Facebook XSS issue: "It  allows someone to add executable code to a profile (thereby compromising anyone who views the profile).  Since Facebook uses a  single "secret" form ID for all forms on the site, the exploit opens  up the entire site. The fun part is that the code could propagate by calling a form to install itself to the user's profile.

I wrote up a detailed step-by-step paper on how to exploit such a vulnerability (However, it does not include the exact location of  the XSS hole).  The paper is located at http://www.cs.virginia.edu/felt/fbook/facebook-xss-censored.pdf.  There's also a shorter writeup and a demo available at http://www.cs.virginia.edu/felt/fbook/."

The white paper is titled "Defacing Facebook: A Security Case Study", and is a very interesting read.

Facebook has been XSSed a few times in the past, but promptly fixed the vulns:

http://www.xssed.com/search?key=facebook.com

Thank you Adrienne for letting us know! ;)