Friday, 28 June 2013

Another way to hack Facebook

In recent months, white hat hacker Nir Goldshlager reported many critical bugs in Facebook's OAuth mechanism that allowed an attacker to hijack any Facebook account without the user's interaction.

Another pentester, Amine Cherrai, reported a new Facebook OAuth flaw whose exploitation is very similar to Nir Goldshlager's findings; however, this is a new way which is still vulnerable.

If you knew about the old Facebook OAuth vulnerability in the redirect_uri parameter of the URL, Amine Cherrai discovered a new way to bypass the patch made by the Facebook security team.

He found a new file on Facebook that allows a redirection to steal the access_token of the victim's account.
Example: http://facebook.com/connect/xd_arbiter.php?#&origin=http://facebook.com/
Successful exploitation again allowed a hacker to hijack Facebook accounts using the OAuth flaw.

Proof:
http://facebook.com/dialog/oauth?client_id=350685531728&response_type=token&display=page&redirect_uri=http%3A%2F%2Ftouch.facebook.com%2Fconnect%2Fxd_arbiter.php%3F%23%21%2Fapps%2Fmidnighthack%2F%3F%26origin%3Dhttp%3A%2F%2Ffacebook.com%2F
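
For defenders, an added example (not code from the original post or from Facebook) that decodes the redirect_uri in the Proof URL above and compares two validation strategies. The domain-only check and the registered callback https://client.example/oauth/callback are assumptions made for illustration; they are not Facebook's actual validation or configuration.

```python
from urllib.parse import urlsplit, parse_qs

# The authorization URL quoted under "Proof:" above.
PROOF_URL = (
    "http://facebook.com/dialog/oauth?client_id=350685531728&response_type=token"
    "&display=page&redirect_uri=http%3A%2F%2Ftouch.facebook.com%2Fconnect%2F"
    "xd_arbiter.php%3F%23%21%2Fapps%2Fmidnighthack%2F%3F%26origin%3Dhttp%3A%2F%2F"
    "facebook.com%2F"
)

# Constructed registration for illustration (assumption, not a real client).
REGISTERED_REDIRECTS = {"https://client.example/oauth/callback"}


def extract_redirect_uri(auth_url):
    """Return the percent-decoded redirect_uri of an authorization request."""
    return parse_qs(urlsplit(auth_url).query)["redirect_uri"][0]


def weak_check(redirect_uri, trusted_domain="facebook.com"):
    """Hypothetical domain-only check: any path, query or fragment passes."""
    host = urlsplit(redirect_uri).hostname or ""
    return host == trusted_domain or host.endswith("." + trusted_domain)


def strict_check(redirect_uri, registered=REGISTERED_REDIRECTS):
    """Exact-match check: https only, no fragment, whole string registered."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or "#" in redirect_uri:
        return False
    return redirect_uri in registered


if __name__ == "__main__":
    uri = extract_redirect_uri(PROOF_URL)
    print("decoded redirect_uri:", uri)
    print("fragment carried along:", urlsplit(uri).fragment)
    print("domain-only check accepts:", weak_check(uri))
    print("exact-match check accepts:", strict_check(uri))
```

With response_type=token the access_token is returned in the URL fragment, so an authorization server should reject any redirect_uri that already carries a fragment and should compare the full string against what the client registered.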