
So my bud hacks facebook and gets offered a job

I don't know the seriousness of what he did, but they didn't seem too worried about it.

We noticed you decided to exploit an XSS hole on our site that enabled you to load a custom css file. While this is very neat and basically harmless, the action you initiated to virally propagate the exploit had a bad side effect. Because you posted to contactinfo.php just the website field, you effectively blanked the other fields on the page for anyone who viewed your profile (cell phone, email, etc). We do not like to lose data, and neither do our users. In the future, if you find a security hole, please contact me directly, rather than just exposing it on the site.
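As an added illustration (not code from the thread or from Facebook), the data-loss side effect the message describes, in a small Python profile-update handler: the vulnerable version rewrites every stored field from whatever was posted, so a request carrying only the website field blanks the rest, while the hardened version changes only the fields actually submitted and rejects a website value that is not a plain http(s) URL. Field names, sample values and function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample data (assumed field names, not Facebook's schema).
PROFILE = {
    "website": "http://example.invalid/old",
    "cell": "555-0100",
    "email": "user@example.invalid",
}
# A POST that carries only the website field, as in the incident described above.
PARTIAL_POST = {"website": "http://example.invalid/new"}

ALLOWED_SCHEMES = {"http", "https"}
# Characters allowed in a URL we will echo back into a page; quotes, angle
# brackets, whitespace and backslashes are excluded so the value cannot break
# out of an attribute or smuggle markup or stylesheet text.
SAFE_URL_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&()*+,;=%]+")


def valid_website(value):
    """Accept only absolute http(s) URLs made of safe characters."""
    parsed = urlparse(value)
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.netloc:
        return False
    return SAFE_URL_CHARS.fullmatch(value) is not None


def update_profile_overwrite(profile, form):
    """Vulnerable pattern: every field is rewritten from the form,
    so any field missing from the request is silently blanked."""
    return {field: form.get(field, "") for field in profile}


def update_profile_partial(profile, form):
    """Hardened pattern: only fields present in the form change,
    unknown fields are ignored, and the website field is validated."""
    updated = dict(profile)
    for field, value in form.items():
        if field not in profile:
            continue
        if field == "website" and not valid_website(value):
            raise ValueError("website must be an absolute http(s) URL")
        updated[field] = value
    return updated


if __name__ == "__main__":
    print("overwrite:", update_profile_overwrite(PROFILE, PARTIAL_POST))
    print("partial:  ", update_profile_partial(PROFILE, PARTIAL_POST))
```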
 
BTW, what does he mean when he said the accounts were getting "infected"? Was he doing anything that affects other people's facebook accounts?
 
That was actually a good read. I don't think he will get in trouble for it honestly. The offer is probably legit.
 
Some guys did that on myspace already. I wouldn't be surprised if your friend took the idea from there. XSS holes are way too prevalent in web applications. Most web applications I am paid to do a security assessment on suffer from this problem.

That was also how the avatar pictures were inserted on fusetalk a year or so ago. Lucky for AT, nobody was malicious with the code they inserted because they could have done some worse things with it.
 