Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-29 Thread Nathan Power
That was the original program I was participating in. Facebook has agreed to pay me a bounty for this bug. Nathan Power www.securitypentest.com On Fri, Oct 28, 2011 at 7:17 PM, Ulises2k wrote: > You know this? ;) > https://www.facebook.com/whitehat/bounty/ > > > > On Fr

Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-28 Thread Nathan Power
I would also like to note this vulnerability was reported responsibly in regards to full disclosure. http://en.wikipedia.org/wiki/Full_disclosure Nathan Power www.securitypentest.com On Fri, Oct 28, 2011 at 1:38 PM, Nathan Power wrote: > I was basically told that Facebook didn't see

Re: [Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-28 Thread Nathan Power
they seem to have been able to reproduce the bug. Nathan Power www.securitypentest.com On Fri, Oct 28, 2011 at 11:18 AM, Pablo Ximenes wrote: > Not fixed yet. At least not yesterday when I checked. > > Nathan, didn't Facebook ask for some time to fix this bug after the

[Full-disclosure] Facebook Attach EXE Vulnerability

2011-10-27 Thread Nathan Power
book-attach-exe-vulnerability.html Enjoy :) Nathan Power www.securitypentest.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] DEFCON Travelers.. Don't just go

2011-07-27 Thread Nathan Power
I discovered a way to get free internets at airports. Below is the article and a video. Enjoy :) Article: http://www.securitypentest.com/2011/07/defcon-travelers-dont-just-go-boingo.html Video: http://www.securitypentest.com/2011/07/boingo-pwnage.html Nathan Power www.securitypentest.com

[Full-disclosure] Multi-Tech Systems MultiModem iSMS Multiple XSS Vulnerabilities

2011-06-02 Thread Nathan Power
Check out the latest security advisory: http://www.foofus.net/?p=319 Nathan Power www.securitypentest.com

[Full-disclosure] Trustwave – Security begins with Trust, then you get 0wned!

2011-05-26 Thread Nathan Power
An updated Trustwave WebDefend advisory has been posted http://www.foofus.net/?p=290 Nathan Power www.securitypentest.com

[Full-disclosure] Trustwave WebDefend Privilege Escalation Vulnerability

2011-04-26 Thread Nathan Power
ability to the Vendor -- 7. Credits: Discovered by Nathan Power www.securitypentest.com --

[Full-disclosure] Unidesk ReportingService Forceful Browsing Vulnerability

2011-03-25 Thread Nathan Power
covered by Nathan Power www.securitypentest.com --

Re: [Full-disclosure] Facebook URL Redirect Vulnerability

2011-03-03 Thread Nathan Power
rmat. http://apps.facebook.com/truthsaboutu/track.php?r=http%3A%2F%2F1208929384 Also when you post a link on Facebook, 'apps.facebook.com' is the only text displayed to the user. Nathan Power www.securitypentest.com On Wed, Mar 2, 2011 at 2:38 PM, Andrew Farmer wrote: > On 2011-03-02, at 06

Re: [Full-disclosure] Facebook URL Redirect Vulnerability

2011-03-03 Thread Nathan Power
This rule can be subverted because of the content keyword. Below is an example: http://apps.facebook.com/truthsaboutu/track.php?a=a&r=http://www.securitypentest.com Add two content keywords 'track.php?' and 'r=' Nathan Power www.securitypentest.com On Mon, Feb 2

Re: [Full-disclosure] Facebook URL Redirect Vulnerability

2011-03-03 Thread Nathan Power
with a URL redirect, CSRF, phishing (fake fb login), and browser exploits (javascript zombie,0days,etc). How would you have written the impact section? To be clear - I was trying to make a point when determining the impact, once you click on a bad link, bad things will happen. Nathan Power

[Full-disclosure] Facebook URL Redirect Vulnerability

2011-02-28 Thread Nathan Power
5. Solution: None -- 6. Time Table: 2/27/2011 Reported Vulnerability to the Vendor ------ 7. Credits: Discovered by N

[Full-disclosure] PayPal Send Money Cross-Site Scripting Vulnerability

2011-01-03 Thread Nathan Power
ility 7. Credits: Discovered by Nathan Power www.securitypentest.com