SpywareHammer Security Forums => Social Media Privacy and Security => Topic started by: Bugbatter on August 20, 2009, 02:37:55 PM

Title: Facebook Attack: Personal Info Theft via CSRF
Post by: Bugbatter on August 20, 2009, 02:37:55 PM

This video is a demonstration of an attack exploiting a vulnerability in Facebook.

By merely viewing a forum page containing the rogue image, a user's personal information (full name, profile picture, and friends list) can be obtained by a hacker. It is not the image itself that does the trick. Instead, when the browser fetches the image, a chain reaction starts that delivers these details to the hacker. The chain reaction ends with a valid image, which means that the unknowing user would not have a clue that anything out of the ordinary just happened.
In addition, note that a user's details are also at risk when one of his friends falls victim to this attack.


If you are using Facebook Applications, you are being taken off the Facebook site. Are those games and fun stuff really worth the risk to you and your friends?

Title: Re: Facebook Attack: Personal Info Theft via CSRF
Post by: faith_michele on August 21, 2009, 01:13:28 AM

This explains how it works.

Facebook CSRF attack - Full Disclosure

1. User naively surfs to a well-known and trusted forum at forum.com.
2. The thread he is viewing contains a malicious comment with an IMG tag pointing at quaji.com.
3. The user's browser attempts to retrieve the image
4. but instead is redirected to hxxp://apps.facebook.com/hacker-app/step1.php.
5. The request is forwarded through the Facebook platform
6. to the hacker's app server
7. and is again redirected to hxxp://apps.facebook.com/hacker-app/step2.php
8. and back to the browser.
9. Browser attempts hxxp://apps.facebook.com/hacker-app/step2.php.
10. The Facebook platform passes the request to the hacker's app server, adding the user's personal information after being tricked into thinking it should do so.
11. To finish off, a redirect is issued to a proper image.
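As an added defender-side example (not code from either poster), here is a forum-side checker that walks an embedded image URL's redirect chain one hop at a time and flags chains that pass through a host other than the one the post named, or that never end in an image. That is exactly the browser-visible part of the steps above: an image URL that bounces through apps.facebook.com before landing on a real picture. The URLs and the redirect map are constructed, and `fake_fetch` stands in for an HTTP client that does not follow redirects on its own.

```python
from urllib.parse import urlsplit

# Constructed stand-in for live HTTP responses. It mirrors the browser-visible
# hops in the thread: image URL -> platform app step1 -> step2 -> a real image.
# Each entry is (status, Location header or None, Content-Type or None).
CONSTRUCTED_RESPONSES = {
    "http://quaji.com/pic.gif": (302, "http://apps.facebook.com/hacker-app/step1.php", None),
    "http://apps.facebook.com/hacker-app/step1.php": (302, "http://apps.facebook.com/hacker-app/step2.php", None),
    "http://apps.facebook.com/hacker-app/step2.php": (302, "http://quaji.com/real.gif", None),
    "http://quaji.com/real.gif": (200, None, "image/gif"),
    "http://forum.com/smiley.png": (200, None, "image/png"),
}

def fake_fetch(url):
    """Constructed replacement for an HTTP HEAD/GET that does NOT follow redirects."""
    return CONSTRUCTED_RESPONSES.get(url, (404, None, None))

def check_image_url(url, fetch, max_hops=10):
    """Follow redirects manually so every intermediate host is visible.

    Returns a dict with the hop list, any hosts other than the one the post
    named, the final Content-Type, and a verdict of 'ok' or 'suspicious'.
    A chain that detours through a foreign host, exceeds max_hops, or does not
    end in an image is flagged; a silent detour is what made the attack invisible.
    """
    start_host = urlsplit(url).hostname
    hops, foreign_hosts = [url], []
    current, final_type = url, None
    for _ in range(max_hops):
        status, location, ctype = fetch(current)
        if status in (301, 302, 303, 307, 308) and location:
            host = urlsplit(location).hostname
            if host != start_host and host not in foreign_hosts:
                foreign_hosts.append(host)
            hops.append(location)
            current = location
            continue
        final_type = ctype  # non-redirect response ends the chain
        break
    ends_in_image = bool(final_type) and final_type.startswith("image/")
    verdict = "ok" if ends_in_image and not foreign_hosts else "suspicious"
    return {"hops": hops, "foreign_hosts": foreign_hosts,
            "final_type": final_type, "verdict": verdict}

if __name__ == "__main__":
    for candidate in ("http://quaji.com/pic.gif", "http://forum.com/smiley.png"):
        print(candidate, check_image_url(candidate, fake_fetch))
```

Plugged into a post-submission hook, the same walk lets a forum moderator reject or quarantine an image whose chain leaves the host the poster claimed, even though the final bytes are a perfectly good picture.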