Published Vulnerabilities

Sun 28 Jul

Facebook Bug Bounty 2013 – Open Redirect Vulnerability


An open redirect and filter bypass vulnerability was detected in the official Facebook and Facebook core applications. The vulnerability allows an attacker to bypass the basic validation of the application module and redirect users, without authorization, to an external source.

Normally, the redirect exception only allows the attacker to redirect to allowed or internal applications. The attacker exchanges the application URL id with a valid request and can inject a URL pointing to an external target, but must append bind.php#_=_ to the end of the domain for the redirect to the external source to succeed. The URL does not expire, because the client id can be exchanged randomly with others; once requested, it redirects the victim to another web page.

Tue 11 Jun

Sony PlayStation3 FW 4.31 – Code Execution Vulnerability


An amazing and historically important issue in the Sony PlayStation 3 firmware v4.31 has been disclosed by Benjamin Kunz Mejri, leader of the core research team. In 2012, Benjamin tried multiple times to inform Sony about several issues in the firmware and the online PS Network. After no response came back, he did not give up and quietly contacted a very smart moderator and admin of the PlayStation 3 community. The moderator (MUC) began to read and verify the details and directly sent a letter by email, with the resource files, to Sony Japan. After a longer waiting period, the issue was closed with version 4.40 in May.
