Saturday, January 11, 2014

My first bug, which I reported, was rejected.

In the Facebook account-recovery section, I found that one of the input boxes was not sanitized to accept only the required values.

Vulnerable URL:

https://m.facebook.com/login/identify?ctx=recover&mode=friendname&email=<any value>

In the "email" parameter, one can insert any value: text, numbers, characters, and so on.

Proof of Concept:

https://m.facebook.com/login/identify?ctx=recover&mode=friendname&email=Security%20test%20by%20Hari%20:)
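As an added, illustrative example (not code from the original post and not Facebook's own code), here is how a server-side handler could restrict the "email" query parameter to the shape the recovery flow actually needs, rejecting free text such as the proof-of-concept value above before it reaches any lookup or page-rendering logic. The function names, the regular expression, the length limit and the 400 response are assumptions; the proof-of-concept value from the post and the example.com addresses are used only as constructed test inputs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Conservative e-mail shape: a local part, exactly one "@", and a dotted
# domain ending in a 2+ letter label. This is deliberately stricter than
# RFC 5322 so that arbitrary text (spaces, emoticons, etc.) is rejected
# up front. Assumed policy, not the site's real rule.
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"
)
MAX_EMAIL_LEN = 254  # common practical upper bound for an address


def validate_email_param(value):
    """Return the normalised address if it is well formed, else None."""
    if value is None:
        return None
    value = value.strip()
    if len(value) > MAX_EMAIL_LEN or not EMAIL_RE.match(value):
        return None
    return value.lower()


def handle_identify(url):
    """Hypothetical server side of the recovery endpoint.

    Parses the query string, validates the "email" parameter and returns
    a small dict standing in for the HTTP response. The raw, rejected
    value is never echoed back, only a generic error message.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    raw = query.get("email", [None])[0]
    email = validate_email_param(raw)
    if email is None:
        return {"status": 400, "error": "invalid email parameter"}
    # A real handler would now look the account up; here we just return it.
    return {"status": 200, "email": email}


if __name__ == "__main__":
    # Constructed inputs: the post's proof-of-concept value and a valid address.
    poc = ("https://m.facebook.com/login/identify?ctx=recover"
           "&mode=friendname&email=Security%20test%20by%20Hari%20:)")
    ok = "https://example.com/login/identify?ctx=recover&email=Alice.Smith%40example.com"
    print(handle_identify(poc))  # rejected with status 400
    print(handle_identify(ok))   # accepted, address normalised to lower case
```

The check runs on the decoded parameter (so `%20` becomes a space and is rejected), enforces a length cap before the regular expression is evaluated, and returns a generic error rather than reflecting the submitted text, which is the usual defensive pattern when a field is found to accept arbitrary input.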

