Use facebook URL to spread your "stub"

[yo20063]

Hi,

We are going to use facebook's redirector to spread our virus, bot, java drive by. The url that let us do this is

"https://www.facebook.com/l.php?u=", this is not an open redirector, but it will serve our purpose because 80% of people will trust it and will confirm without hesitation because it's primary url it's from facebook, and they trust facebook!

VIDEO

VIDEO2

As you can see, this works even if the user isn't logged into facebook.

I recommend that you shorten your URL "strategically" so you won't raise any suspicion in the confirmation dialog.

Happy phishing!

Edited October 27, 2013 by yo20063

[Avram]

Thanks very much !

Unde ai inregistrat domeniul ala ?

Edited October 26, 2013 by Avram

[yo20063]

la G?zduire gratuit? f?r? reclame cu suport PHP, MySQL ?i website builder.

[Avram]

Multumesc frumos...

Mai am de invatat java drive by

[v4l3ntyn112]

Multumesc frumos...

Mai am de invatat java drive by

Iceman, eh ?

[sOkola.

[XgaMeR]

mai exista vre-un exploit Download & Execute?

[yo20063]

Exista, dar tre' sa cauti bine, mie mi-a luat un weekend intreg sa gasesc un jdb functional

[Versus71]

Very old bug. Original:

thehackernews.com/2012/01/url-redirection-vulnerability-in-google.html

[yo20063]

Yea, but since than, facebook has patched many of it's bugs and the original url in the facebook bug presented by you was "http://www.facebook.com/l.php?h=" and was if i'm not mistaken an open redirector.

This is something else dude....it's not that "mighty", it's shitier, but if you have imagination get's the job done.

I didn't copied anyone, or did research in this matter...just had an ideea.

Pardon my english...i'm drunk