keralaboy

i found accesstoken leak. any malicious app can get facebook accessstoken

keep in mind that it is still not fixed.they are not going to fix it because if it i disabled many apps stop working .

for example to get app “ok.ru” s accesstokn

first malicous app register intent filter in apps manifest file

<data android:scheme=”fbconnect” android:host=”success”

then load fb oauth dialog in browser

https://m.facebook.com/v5.0/dialog/oauth?client_id=164160687668585&redirect_uri=fbconnect://success&response_type=token%2Csigned_request

if user gave authorization to ok.ru then their accesstoken willbe sented back to fbconnect://success

now this intent uri is registerd by our malicous app so accesstoken willbe redirected to our malicious app.

now we can takeover their account by this token.

--

--

there are many kind of cheating behind bugbounty.most important are

duplicate cheating and illogical reasoning

  • when someone reports a bug then triager close it as duplicate of emty or fake bug is called duplicate cheating
  • closing bug as informative or not applicable by silly/stupid reason is called illogical reasoning

--

--

have you got duplicate status to your bug report. dont blindly belive that.it maybe a cheating.not all duplicates are duplicates
any company can say “it is duplicate” without showing original report.this is a functional bug of bugbonty platforms.what if malicious companys are exploiting this bug.none can detect it.

see hacking-the-hackers-through-bug-bounty-platforms

see cheating proofs

i contacted hackerone but when i asked to fix it they rejected it they dont mind even if hacker get cheated.
this issue still exists .the biggest thing is hackers effort and time are wasting.

to stop it share this news.make everyone aware untill bugbounty platforms solve it.

--

--