Saturday, 8 March 2014

Facebook Open Redirect Variability


This very short tutorial explains my way of creating Facebook open redirect links. As some of you may know, Facebook open redirects are rare and hard to make because of the LinkShim (l.php).
This method, however, is easy, and Facebook themselves don't think this is a vulnerability: "This is not a vulnerability in our opinion." Note the "in our opinion" - to me this is a vulnerability.
This open redirect will work as long as you are friends with the person you are sending the link to.

Step 1 :-

First, visit http://facebook.com/help/cookies

The page will look like :-


Step 2 :-

Then view the page source and search for h=.

Step 3 :-

Copy the security code after the h= and before the &s=. It will look like this: h=XXXXXXXXX. You have to copy only XXXXXXXXX.

Step 4 :-

Now simply create a URL like http://facebook.com/l.php?u=http://best4hack.com/&h=XXXXXXXXX

Step 5 :-

Give this link to your victim; he or she will be redirected without the "leaving facebook" warning.

As said earlier, you can only get the redirect to be open (without the "leaving facebook" warning) if you're sending this link to a friend.
It is possible to create the link before adding the victim as a friend, but there does have to be that "relationship" between accounts.
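
The steps above work because the h= value taken from one link is still accepted after u= is changed. The following is an added example, not code from this post and not Facebook's implementation: it assumes a hypothetical redirector that authenticates links with an HMAC token, and compares a token that ignores the destination with one that is bound to it. The key, account id and URLs are constructed, and the friend-relationship condition is not modelled.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed key, for this example only


def _mac(message: str) -> str:
    return hmac.new(SECRET, message.encode(), hashlib.sha256).hexdigest()[:16]


def unbound_token(issuer: str) -> str:
    """Weak design: the token covers only the account it was issued to."""
    return _mac(issuer)


def bound_token(issuer: str, url: str) -> str:
    """Hardened design: the token covers the account and the exact destination."""
    return _mac(issuer + "\n" + url)


def decide(h: str, expected: str) -> str:
    """Redirect silently on a valid token, otherwise show the warning page."""
    return "redirect" if hmac.compare_digest(h, expected) else "warn"


def check_unbound(issuer: str, url: str, h: str) -> str:
    # The destination never enters the check, so any u= is accepted.
    return decide(h, unbound_token(issuer))


def check_bound(issuer: str, url: str, h: str) -> str:
    # Changing u= changes the expected token, so a copied h= fails.
    return decide(h, bound_token(issuer, url))


def demo() -> dict:
    issuer = "user-1001"                    # constructed account id
    genuine = "https://example.org/policy"  # constructed destination of the real link
    swapped = "https://example.net/other"   # constructed destination after editing u=
    h_weak = unbound_token(issuer)          # token as copied from the genuine link
    h_strong = bound_token(issuer, genuine)
    return {
        "unbound_genuine": check_unbound(issuer, genuine, h_weak),
        "unbound_swapped": check_unbound(issuer, swapped, h_weak),
        "bound_genuine": check_bound(issuer, genuine, h_strong),
        "bound_swapped": check_bound(issuer, swapped, h_strong),
    }
```

With the destination inside the MAC, the edited link falls back to the warning page instead of redirecting silently.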
