I'm back.
In the previous post I talked about how long FB's Security team takes to reply to you about your 1st reward (in my case almost a month).
Here's the POC for my finding.
Oh, btw, I've censored the URL. Why? I'm quite sure there are still more bugs in this acquisition. So, for a real bug hunter, with these images, they'll know how to find the real site :D Good luck!
Time Based SQLi in FB's Acquisition
----------------------------------------------
I checked out their forgot password form. Testing with a single quote (') made a weird but well-known error appear. Yes, an SQL error.
Hmm.. let's try to close the quote.
auwwwwwwwwww... SQLi!
Now let's try to give some POC. Use a simple test with the 1 or 1=1 thingy.
Hmm, unknown error? So this is the TRUE/FALSE response.
Hah! Different error. This might be its FALSE/TRUE response then.
I'm on the right track! But it's still not enough for a POC!
Try to figure out a valid column? Let's try the same thing I used for my bounty in PayPal's bounty.
Testing to check if xxxxx is a valid column.. NO!
Testing if user is a valid column. YEAH!!!
Final touch-up.. let's try with Time-Based testing!
Finally.. my bug was accepted by Facebook and I will join FB's whitepage. Mission accomplished and..
Adios.
@yappare
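The single-quote error and the differing responses to the 1 or 1=1 test described in the post are what you see when form input is concatenated into the query text. As an added example (not code from the post or from the affected site; the table, sample row and function names are constructed, and SQLite stands in for the unknown backend), here is a forgot-password lookup in its injectable form next to the parameterized one:

```python
import sqlite3

GENERIC = "If the account exists, a reset link has been sent."

def make_db():
    # Constructed sample table standing in for the site's account store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (user TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO accounts VALUES ('alice', 'alice@example.test')")
    return db

def forgot_password_vulnerable(db, username):
    # Input is pasted into the SQL text, so a quote changes the statement,
    # and the raw database error is echoed back to the client.
    sql = "SELECT email FROM accounts WHERE user = '" + username + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc
    return "Reset link sent" if row else "Unknown user"

def forgot_password_hardened(db, username):
    # Bound parameter: the input is always data, never SQL syntax.
    # One reply for hit, miss and failure removes the true/false oracle.
    try:
        row = db.execute(
            "SELECT email FROM accounts WHERE user = ?", (username,)
        ).fetchone()
    except sqlite3.Error:
        row = None  # log server-side; never return the driver message
    if row:
        pass  # queue the reset mail out of band so timing does not differ
    return GENERIC

if __name__ == "__main__":
    # Constructed inputs mirroring the tests in the post.
    for value in ["alice", "'", "nobody' OR '1'='1", "nobody' OR '1'='2"]:
        db = make_db()
        print(repr(value))
        print("  vulnerable:", forgot_password_vulnerable(db, value))
        print("  hardened:  ", forgot_password_hardened(db, value))
```
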
2 comments:
nice work dud :D
Good job buddy :)