Researcher reports a CSRF vulnerability in Facebook's App Center, earns $5,000

Researcher reports a CSRF vulnerability in Facebook's App Center, earns $5,000

Summary: A security researcher going by the name AMol NAik, has earned $5,000 bug bounty from Facebook Inc. thanks to a CSRF vulnerability he reported to the Security Team of the world's most popular social networking site.

SHARE:
TOPICS: Security
0

A security researcher going by the name AMol NAik, has earned $5,000 bug bounty from Facebook Inc. thanks to a CSRF vulnerability he reported to the Security Team of the world's most popular social networking site.

In order for a malicious attacker to add applications to a Facebook user's Applications list, he would have to trick him into visiting a specially crafted Web site.

More details on the PoC (proof of concept) code:

There are many new parameters added in this new feature. Parameter 'fb_dtsg' is like token and 'perm' are the permissions required by the apps. Parameters 'redirect_url','app_id' are app specific values. Remaining parameters seems static except 'new_perms' & 'orig_perms'. I started to play with these two dynamic params and after few attempts, I knew that these params no longer needed to add an app.Anti-CSRF tokens like 'fb_dtsg' supposed to get validated at server-side. I was shocked to see that in this new feature, somehow developer missed this point and it was possible to add app without 'fb_dtsg'. Bang!!

It took Facebook Inc. a day to fix the reported vulnerability.

Find out more about Dancho Danchev at his LinkedIn profile.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion