How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account (Without App “Allow” Interaction) by Nir Goldshlage

I found a way in to get full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos, etc.) over the victim account even without any installed apps on the victim’s account.

Another advantage in the flaw I found is that there is no “Expired date” of the Token like there would be on any other application usage. In my attack the token never expires unless the victim changes his password :)

read his blog

There’s so much hacking going on! At least Nir Goldshlager told Facebook before he released his story. I think it’s very professional of him to go straight to the company first.

Christina
