nAb.h4x Posted January 8, 2013 (edited)

A hacker found a way to hack and change your password, just like he used to change his own password. Confused?

Recently Facebook fixed a very critical vulnerability on a tip from 'Sow Ching Shiong', an independent vulnerability researcher. The flaw allowed anyone to reset the password of any Facebook user without knowing his last password.

Facebook has an option for compromised accounts at "https://www.facebook.com/hacked", where Facebook asks one to change his password for further protection. This compromised account recovery page will redirect you to another page at "https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked"

The researcher noticed that the URL of the page has a parameter called "f" which represents your user ID, and replacing the user ID with the victim's user ID allowed him to get into the next page, where the attacker can reset the password of the victim without knowing his last password.

The vulnerability was very simple to execute, but it has now been confirmed and patched by the Facebook Security Team.

Source - TheHackerNews

Edited January 8, 2013 by nAb.h4x
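
Added example, not part of the original post and not Facebook's code: the class of flaw described above (the account to act on is read from the client-supplied "f" parameter) next to a handler that takes the account from the server-side session and records a mismatch. The session table, user IDs, function names and the example.test host are all constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed server-side state: session token -> authenticated user ID.
SESSIONS = {"sess-alice": "1001", "sess-bob": "1002"}
PASSWORDS = {"1001": "alice-old", "1002": "bob-old"}


def param_f(url):
    """Return the 'f' query parameter of a checkpoint URL, or None."""
    return parse_qs(urlparse(url).query).get("f", [None])[0]


def reset_trusting_param(session, url, new_password, passwords):
    """Flawed pattern: the account to change comes from the client-supplied 'f'."""
    if session not in SESSIONS:
        return "denied: not logged in"
    target = param_f(url)
    if target not in passwords:
        return "denied: unknown account"
    passwords[target] = new_password  # no check that target == session owner
    return f"password changed for {target}"


def reset_bound_to_session(session, url, new_password, passwords, audit):
    """Hardened pattern: the account comes from the session; 'f' is only cross-checked."""
    owner = SESSIONS.get(session)
    if owner is None:
        return "denied: not logged in"
    requested = param_f(url)
    if requested is not None and requested != owner:
        # A mismatch is a detection signal, so record it as well as refusing.
        audit.append({"event": "checkpoint_id_mismatch",
                      "session_user": owner, "requested": requested})
        return "denied: account mismatch"
    passwords[owner] = new_password
    return f"password changed for {owner}"
```
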
wildchild Posted January 8, 2013

Quod erat demonstrandum... everything made by the human mind can be hacked. No system is perfect.
yoyois Posted January 8, 2013 (edited)

That simple? Anything is vulnerable, but this was still a stupid mistake on Facebook's part. From now on I will watch Facebook pages more carefully.

Facebook has an option for compromised accounts at "https://www.facebook.com/hacked", where Facebook asks one to change his password for further protection. This compromised account recovery page will redirect you to another page at "https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked" The researcher noticed that the URL of the page has a parameter called "f" which represents your user ID, and replacing the user ID with the victim's user ID allowed him to get into the next page, where the attacker can reset the password of the victim without knowing his last password.

@io.kent As it explains, the security hole allowed the password to be changed.

Edited January 8, 2013 by yoyois
io.kent Posted January 8, 2013

I don't think it works, or you have to know the old password, but when you want to steal an account, if you have no idea what the password is, you have no chance this way.
caramea Posted January 8, 2013

I don't think it works, or you have to know the old password, but when you want to steal an account, if you have no idea what the password is, you have no chance this way.

but now has been confirmed and patched by Facebook Security Team.
studentul Posted January 10, 2013

That was a good breach in their security, the Facebook one, and Yahoo had one a while ago called (data tamper).. with that method I managed to sort out about 20 accounts, obviously belonging to people who deserved it. But unfortunately it was patched. So go to their contests, find their security holes, go for the small stuff. Go go go.

PS: true. Everything made by man can, sooner or later, be hacked.