Comments on Dan Melamed Security Blog: Hacking Any Facebook Account Exploit POC
Feed updated 2022-02-20 16:05 -08:00; 13 comments, newest first.

danm, 2013-08-14 16:42 -07:00:
Yes, the other two vulnerable addresses were Gmail and Yahoo. But both of them used an openid link which was vulnerable to CSRF too. But that issue was fixed before I was able to record a video. So for simplicity, I wrote about the Hotmail flaw.

Giancarlo, 2013-08-13 02:08 -07:00:
Hi Dan, thanks for sharing the details of this flaw.

As far as I can see, Facebook uses Hotmail's API in the claiming process and I am wondering how much this has to do with the vulnerability. What can you say about this point? Have you tried with non-Hotmail email addresses?

Anonymous, 2013-07-17 15:06 -07:00:
It is already patched? So we are wasting our time trying it, right?

ahmad, 2013-07-16 02:18 -07:00:
Can you pls explain to me how did u get this link..???
https://www.facebook.com/support/openid/proxy_hotmail.php?appdata[fbid]=AQ3Tcly2XEfbzuCqyhZXfb8_hYHTnHPPd-CDsvdrLzDnWLpsKTMcaXtIzV0qywEwbPs

Anonymous, 2013-07-15 13:47 -07:00:
Friend but the method works yet or already corrected this error Facebook

danm, 2013-07-15 13:19 -07:00:
I've explained this in one of the comments posted on my YouTube video.

ron king, 2013-07-15 08:15 -07:00:
how to generate this link...

https://www.facebook.com/support/openid/proxy_hotmail.php?appdata[fbid]=AQ3Tcly2XEfbzuCqyhZXfb8_hYHTnHPPd-CDsvdrLzDnWLpsKTMcaXtIzV0qywEwbPs

or it's just for copy and paste?

3L3V3N, 2013-07-14 23:54 -07:00:
Critical Facebook vulnerability allows account hacking
http://www.dan-melamed.com/2013/06/hacking-any-facebook-account-exploit-poc.html

Mark, 2013-07-07 18:18 -07:00:
how do I make the request for complaint to the email?

danm, 2013-07-07 15:41 -07:00:
Once you have the final link you can send it to anyone and it'll add your email to their account. But please remember that this has already been patched.

danm, 2013-07-07 15:40 -07:00:
I never decrypted the fbid parameter.
When I attempt to add an email address that already belongs to another Facebook account, a popup shows up asking me if I want to "claim it", clicking on that would generate the fbid parameter inside that link and you'd go on from there.

Mark, 2013-07-07 09:44 -07:00:
as you can to send this link to victim? as I put my email?

Ismail, 2013-07-07 08:49 -07:00:
how did u decrypt the code? n what kinda encryption is that?