yo20063 Posted October 26, 2013 Report Share Posted October 26, 2013 (edited) Hi, We are going to use facebook's redirector to spread our virus, bot, java drive by. The url that let us do this is"https://www.facebook.com/l.php?u=", this is not an open redirector, but it will serve our purpose because 80% of people will trust it and will confirm without hesitation because it's primary url it's from facebook, and they trust facebook!VIDEOVIDEO2As you can see, this works even if the user isn't logged into facebook.I recommend that you shorten your URL "strategically" so you won't raise any suspicion in the confirmation dialog.Happy phishing! Edited October 27, 2013 by yo20063 Quote Link to comment Share on other sites More sharing options...
Avram Posted October 26, 2013 Report Share Posted October 26, 2013 (edited) Thanks very much !Unde ai inregistrat domeniul ala ? Edited October 26, 2013 by Avram Quote Link to comment Share on other sites More sharing options...
yo20063 Posted October 26, 2013 Author Report Share Posted October 26, 2013 la G?zduire gratuit? f?r? reclame cu suport PHP, MySQL ?i website builder. Quote Link to comment Share on other sites More sharing options...
Avram Posted October 26, 2013 Report Share Posted October 26, 2013 Multumesc frumos... Mai am de invatat java drive by Quote Link to comment Share on other sites More sharing options...
v4l3ntyn112 Posted October 26, 2013 Report Share Posted October 26, 2013 Multumesc frumos... Mai am de invatat java drive byIceman, eh ?[sOkola. Quote Link to comment Share on other sites More sharing options...
XgaMeR Posted October 26, 2013 Report Share Posted October 26, 2013 mai exista vre-un exploit Download & Execute? Quote Link to comment Share on other sites More sharing options...
yo20063 Posted October 27, 2013 Author Report Share Posted October 27, 2013 Exista, dar tre' sa cauti bine, mie mi-a luat un weekend intreg sa gasesc un jdb functional Quote Link to comment Share on other sites More sharing options...
Versus71 Posted October 28, 2013 Report Share Posted October 28, 2013 Very old bug. Original:thehackernews.com/2012/01/url-redirection-vulnerability-in-google.html Quote Link to comment Share on other sites More sharing options...
yo20063 Posted October 28, 2013 Author Report Share Posted October 28, 2013 Yea, but since than, facebook has patched many of it's bugs and the original url in the facebook bug presented by you was "http://www.facebook.com/l.php?h=" and was if i'm not mistaken an open redirector.This is something else dude....it's not that "mighty", it's shitier, but if you have imagination get's the job done.I didn't copied anyone, or did research in this matter...just had an ideea.Pardon my english...i'm drunk Quote Link to comment Share on other sites More sharing options...
