Chris,

If it's social and it's Facebook, it must be good :)

Cheers,
Chris.

On Mon, Apr 4, 2011 at 8:22 AM, Chris Evans <scarybea...@gmail.com> wrote:

> On Sun, Apr 3, 2011 at 4:26 PM, Javier Bassi <javierba...@gmail.com> wrote:
>
>> > Reported this issue to Facebook team on 03/22/11 and Facebook team
>> > acknowledged this issue on 03/29/11 and fixed this vulnerability.
>>
>> They still have redirects on apps made by their users, and they don't care
>> http://apps.facebook.com/truthsaboutu/track.php?r=http://www.google.com
>> and if someone falls in basic phishing with facebook domain, he will
>> fall with apps.facebook subdomain too.
>>
>> Btw, linkedin has open redirect too and they couldn't care less about it
>> http://www.linkedin.com/redirect?url=www.google.com
>
> Probably because it's not a big deal?
>
> What next, an advisory about how massive quantities of "open redirectors"
> have been found on bit.ly, goo.gl and tinyurl.com ?
>
> Cheers
> Chris
>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/