On Evading Facebook's Linkshim Mechanism

TL;DR: Here I’ll be talking about an interesting bypass for the so-called «linkshim system», which Facebook mainly relies upon to protect its users from malicious URLs shared across the whole platform…

Messing Around with Web Browsers (Part II)

TL;DR: This is a complementary entry to my previous writeup of the same title; here I’ll be talking about an interesting download carpet bombing exploit alongside some functionality bug(s)…

Messing Around with Web Browsers (Part I)

TL;DR: Some interesting URL Spoofing attacks, some functionality bugs and a neat exploit to blow your favourite browser up … just got excited after reading “The Browser Hacker’s Handbook”!

The Sneaky Facebook XSRF/CSRF!

TL;DR: A CSRF vulnerability that could reset a Facebook user’s post-by-email address was hidden deep inside the Facebook mobile site, where you first have to trigger some kind of legacy browser fallback support and then tweak some parameter(s) to catch it!

Abusing Facebook Social Plugins (for token leakage)

TL;DR: By abusing Facebook social plugins like the activity feed plugin and/or the recommendations plugin, an attacker could retrieve valid sensitive tokens (e.g. access/m_sess tokens), unwittingly shared publicly across the Facebook platform…
