Copyright By Edward Maya. Powered by Blogger.

Vulnerability On Facebook Password

Posted by Cabin Crew (Mi6)

    Sow Ching Shiong, an independent vulnerability researcher, has discovered a password reset vulnerability in www.facebook.com, which can be exploited by an attacker to bypass certain security restrictions.

    In normal circumstances, an authenticated Facebook user is required to enter his/her current password on the change password page to prevent an unauthorized person from changing the password without the user's knowledge.
    However, an attacker can change/reset a user's password without knowing the user's current password by accessing this URL directly:

    https://www.facebook.com/hacked.

    After that, the page will be redirected to https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked

    Now, the attacker can click "Continue" to change/reset the user's password.

    Proof of concept

    Step 1: Log on to Facebook and access this URL directly: https://www.facebook.com/hacked. The page will be redirected to https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked




    Step 2: Click on "Continue" to proceed



    Step 3: Enter "New Password" and "Confirm Password" to change/reset the password.



    Conclusion
    This vulnerability has been confirmed and patched by the Facebook Security Team. I would like to thank them for their quick response to my report.
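
The class of flaw described above, as an added example (not Facebook's code and not its actual patch): an alternate reset flow that trusts the logged-in session alone, next to a version in which every path that sets a password requires a fresh proof of the current password. All names (`Account`, `Session`, `reauthenticate`, `checkpoint_reset_*`) and the 300-second window are assumptions made for illustration.

```python
import hashlib, hmac, os, time

REAUTH_WINDOW = 300  # seconds a proof of identity stays valid (assumed policy)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password):
        self.store(password)

    def store(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)

    def check(self, password):
        return hmac.compare_digest(_hash(password, self.salt), self.pw_hash)

class Session:
    """A logged-in session. Being logged in is not proof of knowing the password."""
    def __init__(self, account):
        self.account = account
        self.proved_at = None  # time of the last successful re-authentication

def reauthenticate(session, current_password, now=None):
    """Record a fresh proof of identity if the current password is correct."""
    if session.account.check(current_password):
        session.proved_at = time.time() if now is None else now
        return True
    return False

def checkpoint_reset_vulnerable(session, new_password):
    """Flawed pattern: the alternate flow trusts the session alone."""
    session.account.store(new_password)
    return True

def checkpoint_reset_hardened(session, new_password, now=None):
    """Every flow that sets a password passes the same freshness check."""
    now = time.time() if now is None else now
    if session.proved_at is None or now - session.proved_at > REAUTH_WINDOW:
        return False  # caller should route the user to a re-authentication step
    session.account.store(new_password)
    session.proved_at = None  # the proof is single use
    return True
```

The point of the hardened form is the single check shared by all flows: a settings page that asks for the current password gives no protection if a second route reaches the same password-setting code without it.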

    Note: This tutorial is for educational purposes only. I do not take any responsibility for any misuse; you will be solely responsible for any misuse that you do. Hacking email accounts is a criminal activity and is punishable under cyber crime law, and you may get up to 40 years of imprisonment if caught doing so.

    5 comments:

    Anonymous said...

    bro that's not working :/
    Fb is asking for current or old fb password ..
    Any alter for this thing?

    Chris Defaulter Valentine said...

    That thing was not working because Facebook knows that trick, that's why he disabled it.

    Anonymous said...

    it's not working anymore ^^

    Chris Defaulter Valentine said...

    ok

    Anarkia Mx said...

    bro i need a tuto plz

    Copyright (c) 2013 Edward Maya
    Sponsored By : Chris Defaulter Valentine