Facebook and XSS – a sample in action! :P
Today, I checked Facebook and got a spam wall post. I suspected it was an FB API + XSS exploit and looked into this matter. What a coincidence with the new project! =P
So, after the first Google result, I got a complete rundown on how to XSS-exploit someone's account.
http://www.cs.virginia.edu/felt/fbook/facebook-xss-censored.pdf
Turns out it is fairly simple to execute!
This shows how even some of the most trusted sites, where we share a lot of information, can be manipulated to do malicious things. This is one of the real weaknesses of social networking combined with an open application API: JavaScript injected anywhere in a page runs in the same global scope and origin as the site's own scripts, with none of the private/public member boundaries we are accustomed to in traditional OOP.
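To make that last point concrete, here is an added JavaScript example (not code from the original post or from Facebook) of a wall-post renderer: the unsafe version pastes the post body straight into the page's HTML, where any tag it carries is parsed as part of the page, while the hardened version encodes the untrusted fields first. The post objects, the function names and the `containsInjectedTag` check are constructed for this illustration.

```javascript
// Added example (not from the original post): a wall-post renderer that
// shows why an attacker-controlled post becomes live markup when it is
// pasted into the page's HTML, and how output encoding keeps it inert.
// All names and the sample posts below are constructed for this illustration.

// Encode the five characters that let text break out of an HTML text node
// or attribute value. Everything else passes through unchanged.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Vulnerable version: the post body is concatenated straight into markup,
// so any tag inside it is parsed as part of the page instead of shown as text.
function renderPostUnsafe(post) {
  return `<div class="post"><b>${post.author}</b>: ${post.body}</div>`;
}

// Hardened version: every untrusted field is encoded before insertion.
// (In a real page, prefer element.textContent over building HTML strings.)
function renderPostSafe(post) {
  return `<div class="post"><b>${escapeHtml(post.author)}</b>: ` +
    `${escapeHtml(post.body)}</div>`;
}

// Crude check for tests or monitoring: does the rendered output contain a
// tag that did not come from our own template? (constructed heuristic)
function containsInjectedTag(html) {
  const templateTags = new Set(['div', '/div', 'b', '/b']);
  return [...html.matchAll(/<\s*(\/?[a-zA-Z]+)/g)]
    .some((m) => !templateTags.has(m[1].toLowerCase()));
}

// Constructed sample feed: a normal post and one carrying markup in its body.
const samplePosts = [
  { author: 'alice', body: 'Great talk today & thanks for coming!' },
  { author: 'spammer', body: '<script>spread()</script>Check this out' },
];

for (const post of samplePosts) {
  console.log('unsafe:', renderPostUnsafe(post), containsInjectedTag(renderPostUnsafe(post)));
  console.log('safe:  ', renderPostSafe(post), containsInjectedTag(renderPostSafe(post)));
}
```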