List: full-disclosure
Subject: [Full-disclosure] Fake messages and chat bug in Facebook
From: Matteo Fabbri <matteo () phascode ! org>
Date: 2012-06-29 19:08:41
Message-ID: CAJ9pv0LOxr0hqp08XRMGrDXfT-nxBXvEQRRPG_04wfqOuPK0eQ () mail ! gmail ! com
Knowing the user's registration email, it is possible to send fake messages /
chat to Facebook users.
The only thing required is a fake mail with the victim's registration email
as the sender, addressed to the Facebook IDs followed by "@facebook.com".
Example:
from victim.email@hotmail.com to friend1@facebook.com, friend2@facebook.com...
The sent email will be shown in Facebook like a private message (or chat if
multiple recipients are specified) sent by the Facebook account of the
victim.
(Vulnerabilities previously reported to Facebook)
Matteo Fabbri
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
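
The check a mail-to-message gateway needs before posting as an account, as an added example that is not part of the original post and not Facebook's code: the From address is mapped to an account only when the gateway's own MTA recorded a DMARC pass aligned with that address. Assumptions: the MTA stamps an RFC 8601 Authentication-Results header with authserv-id `mx.gateway.example` and strips forged copies of it; `attribute_to_account` and the `accounts` mapping are hypothetical names.

```python
import email
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.gateway.example"  # assumption: authserv-id of our own MTA

# Constructed sample: the forged mail from the post, with the verdict header
# our MTA is assumed to prepend (RFC 8601 Authentication-Results).
FORGED = (
    "Authentication-Results: mx.gateway.example; spf=fail smtp.mailfrom=attacker.example;"
    " dkim=none; dmarc=fail header.from=hotmail.com\n"
    "From: victim.email@hotmail.com\n"
    "To: friend1@facebook.com, friend2@facebook.com\n"
    "Subject: hi\n\nhello\n"
)
# Constructed sample: the same mail as it would look coming from the real provider.
GENUINE = FORGED.replace(
    "spf=fail smtp.mailfrom=attacker.example; dkim=none; dmarc=fail",
    "spf=pass smtp.mailfrom=hotmail.com; dkim=pass header.d=hotmail.com; dmarc=pass",
)

def dmarc_verdict(msg):
    """Return (result, header.from domain) from our own MTA's header only."""
    for hdr in msg.get_all("Authentication-Results", []):
        parts = [p.split() for p in str(hdr).split(";")]
        if not parts[0] or parts[0][0].lower() != TRUSTED_AUTHSERV:
            continue  # stamped by someone else, possibly the sender: ignore
        for tokens in parts[1:]:
            if tokens and tokens[0].lower().startswith("dmarc="):
                props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
                return tokens[0][6:].lower(), props.get("header.from", "").lower()
    return "none", ""

def attribute_to_account(raw, accounts):
    """Return the account id to post as, or None if the sender is unproven.

    `accounts` (hypothetical) maps registration email -> account id.
    """
    msg = email.message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:
        return None  # missing or ambiguous From header
    addr = parseaddr(froms[0])[1].lower()
    result, aligned_domain = dmarc_verdict(msg)
    if result != "pass" or aligned_domain != addr.rpartition("@")[2]:
        return None  # a From address alone is not proof of identity
    return accounts.get(addr)
```

A rejected message can still be delivered as ordinary external mail; what must not happen is display under the account's identity.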