You know this? ;) https://www.facebook.com/whitehat/bounty/
On Fri, Oct 28, 2011 at 17:49, Nathan Power <n...@securitypentest.com> wrote:
>
> I would also like to note this vulnerability was reported responsibly in
> regards to full disclosure.
> http://en.wikipedia.org/wiki/Full_disclosure
>
> Nathan Power
> www.securitypentest.com
> On Fri, Oct 28, 2011 at 1:38 PM, Nathan Power <n...@securitypentest.com>
> wrote:
>>
>> I was basically told that Facebook didn't see it as an issue and I was
>> puzzled by that. Ends up the Facebook security team had issues reproducing
>> my work and that's why they initially discarded it. After publishing, the
>> Facebook security team re-examined the issue and by working with me they
>> seem to have been able to reproduce the bug.
>>
>> Nathan Power
>> www.securitypentest.com
>>
>>
>> On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes <pa...@ximen.es> wrote:
>>>
>>> Not fixed yet. At least not yesterday when I checked.
>>> Nathan, didn't Facebook ask for some time to fix this bug after they have
>>> acknowledged it?
>>>
>>> Pablo Ximenes
>>> http://ximen.es/
>>> http://twitter.com/pabloximenes
>>> On 27/10/2011, at 19:29, Joshua Thomas <rappercra...@gmail.com> wrote:
>>>
>>> can't believe such was on FB .... wahahaha !!! lol ....rofl ...
>>>
>>> When was this discovered and fixed ?
>>>
>>>
>>> On Thu, Oct 27, 2011 at 1:02 AM, Nathan Power <n...@securitypentest.com>
>>> wrote:
>>>>
>>>> ---------------------------------------------------------------------------------
>>>> 1. Summary:
>>>> When using the Facebook 'Messages' tab, there is a feature to attach a
>>>> file.
>>>> Using this feature normally, the site won't allow a user to attach an
>>>> executable file.
>>>> A bug was discovered to subvert this security mechanism. Note, you do NOT have
>>>> to be friends with the user to send them a message with an attachment.
>>>> ---------------------------------------------------------------------------------
>>>> Read the rest of this advisory here:
>>>> http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html
>>>>
>>>> Enjoy :)
>>>>
>>>> Nathan Power
>>>> www.securitypentest.com
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/