
DOM XSS in Facebook Mobile Site (app-login)

SECURITY POC

I was recently targeting the Adobe website for any vulnerabilities. I came to know that they were using (Facebook/Gmail) login to sign in instantly. When I clicked ‘Sign in with Facebook’, the Facebook app login page was loaded. I just checked the URL and saw there was a ‘cancel_url’ parameter, which holds the URL to which it redirects if the user chooses to cancel the login process. The page redirects to adobe.com (source/origin) when ‘not now’ is clicked. I checked the source code of the page and saw that the URL to redirect to was stored in the ‘href’ attribute:

<a href="https://adobe.com"/>

I was wondering if it was vulnerable to XSS. So I checked by inputting the JavaScript pseudo-protocol ‘javascript:prompt(1)’ and clicked ‘not now’, and I was shocked to see the prompt 🤤.. cool.. Now what could an XSS on a login page do? 🤔

  • The password and username can be stolen if the user chooses to exit (clicking ‘not now’) rather than logging in 😁😂
  • Here is a test to just pop up the Facebook username entered by the user when ‘not now’ is clicked:

https://m.facebook.com/login.php?skip_api_login=1&api_key=531310443646320&signed_next=1&next=https://m.facebook.com/v2.5/dialog/oauth&cancel_url=javascript:var+test=document.getElementById(%27m_login_email%27).value;prompt(test);


Facebook responded to the issue quickly and fixed the issue within hours 😊
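One way to close this class of bug, shown as an added example (it is not code from the original post and not Facebook's actual fix): validate the scheme of `cancel_url` before it ever reaches an `href`. The names `safeCancelHref`, `renderCancelLink` and the `FALLBACK` URL are assumptions made for illustration.

```javascript
// Added example: scheme allowlist for a redirect parameter such as cancel_url.
// safeCancelHref, renderCancelLink and FALLBACK are hypothetical names.
const ALLOWED_SCHEMES = new Set(["https:", "http:"]);
const FALLBACK = "https://m.facebook.com/"; // assumed safe default target

function safeCancelHref(raw, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  let parsed;
  try {
    // The WHATWG URL parser normalises input the way a browser does for href:
    // it trims leading whitespace, drops tabs/newlines and lowercases the
    // scheme, so "JaVa\tScript:" is correctly seen as "javascript:".
    parsed = new URL(raw);
  } catch {
    return fallback; // relative or unparseable input
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return fallback;
  if (parsed.username || parsed.password) return fallback; // no userinfo
  return parsed.href; // emit the parsed, serialised form, never the raw input
}

// Escape for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function renderCancelLink(rawCancelUrl) {
  return `<a href="${escapeAttr(safeCancelHref(rawCancelUrl))}">Not now</a>`;
}

// Constructed sample inputs (the second is the test value from the post).
const samples = [
  "https://adobe.com",
  "javascript:prompt(1)",
  " JaVaScRiPt:prompt(1)",
  "java\tscript:prompt(1)",
  "data:text/html,x",
  "/relative",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", renderCancelLink(s));
}
```

A scheme check alone still allows redirects to any http(s) site; an application that knows which origins may start the login flow can additionally compare `parsed.origin` against that list.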




Written by CYBER GUY

TECHNICAL AND SECURITY ENTHUSIAST.
