Trending: TeCh ZoNe

Sunday, September 2, 2012

Facebook (exe) upload Vulnerability | Attach exe Files in Facebook messages























----------------------------------------------------------------------------------------------------------------------------------------
1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment.

----------------------------------------------------------------------------------------------------------------------------------------
2. Description:

When attaching an executable file, Facebook will return an error message stating:

"Error Uploading: You cannot attach files of that type."








When uploading a file attachment to Facebook we captured the web browsers POST request being sent to the web server. Inside this POST request reads the line:

Content-Disposition: form-data; name="attachment"; filename="cmd.exe"

It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not.

To subvert the security mechanisms to allow an .exe file type, we modified the POST request by appending a space to our filename variable like so:

filename="cmd.exe "

This was enough to trick the parser and allow our executable file to be attached and sent in a
message.








----------------------------------------------------------------------------------------------------------------------------------------
3. Impact:

Potentially allow an attacker to compromise a victim’s computer system.

----------------------------------------------------------------------------------------------------------------------------------------
4. Affected Products:

www.facebook.com (this trick is very effective for hackers it will help them to upload their servers directly in message box)
----------------------------------------------------------------------------------------------------------------------------------------
5. Time Table:

09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed
11/01/2011 Vulnerability Fixed

--------------------------------------------------------------------------------------------------------------------------------------

6.credits:

 THIS TRICK WAS DISCOVERED BY: http://www.securitypentest.com/

author

This post was written by: shreyash tiwari

Shreyash tiwari is a professional blogger and HACKER, web designer and front end web developer. Follow him on facebook and TWITTER

Blog Warning:

HEY VISITORS THIS IS A NOTE FROM ADMIN:

THIS WEBSITE IS BUILD BY ME ONLY FOR EDUCATIONAL PURPOSE I JUST WANT TO PROVIDE CYBER TIPS SO IF U USE THESE INFORMATION TO HARM ANY SUBSTANCE,COMMUNITY OR PERSON AND GOT CAUGHT THEN I AM NOT RESPONSIBLE FOR IT SO MIND MY WORDS HACKING IS A CYBER CRIME DON'T CHEAT OTHERS WITH YOUR POWERS

KNOWLEDGE IS FOR SHARING ASK-SHARE

FOR MORE INFORMATION MAIL ME:
STSHREYASH50@GMAIL.COM
All Rights Reserved TeCh ZoNe | Blogger Template by Bloggermint
Sponsored by Florida Phone Book, Florida Accountants, Optician Jobs
back to top