Facebook Open URL Redirect

Hi friends
Once again 🙂

Sharing a Facebook bug:

PoC / reproduction steps:
My report

Vulnerability Type
Open Redirector

Vulnerability Scope
Mobile Site or App

Title
URL redirection on sticker store

Product / URL
https://m.facebook.com/stickers/?redirect_uri=http%3A%2F%2Fgoogle.com%2F

Description and Impact
It's a URL redirect on the sticker store after clicking Done, as shown in the screenshot.

Reproduction Instructions / Proof of Concept
The reproduction steps are a little tricky;
I have a bypass.

Without bypass:
The link below will redirect after Done, but it passes through the a.php?u= parameter:

https://m.facebook.com/stickers/?redirect_uri=http%3A%2F%2Fgoogle.com

With bypass:

https://m.facebook.com/stickers/?redirect_uri=http%3A%2F%2Fgoogle.com%2F

But if we URL-encode the // and . characters,
it no longer passes through a.php?u=;
it redirects directly to the domain the attacker wants.
The victim, after visiting the sticker store, can't suspect anything, because he just selected some stickers and after Done he was directly redirected.

Thanks
Regards
Tayyab Qadir

That was my report as submitted to Facebook, but it was rejected:
[Screenshot: facebook1]
and I got this reply:
[Screenshot: facebook2]
Feed me back on FB.
Thanks & regards,
Tayyab Qadir
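The report describes a classic check-before-decode mismatch: the decision whether to push the target through the a.php?u= link shim is made on the raw query value, but the redirect itself is issued against the decoded value, so percent-encoding the characters the check keys on (the // and . mentioned above) walks an external URL straight past it. The following is an added example of my own, not Facebook's code and not from the report; the substring heuristic, the trusted-host allowlist and the decode depth are assumptions chosen to illustrate the bug class beside a hardened version that decodes first, parses, and allowlists the host.

```python
"""Added example (not Facebook's code). Models the bug class in the report:
the shim-or-direct decision is taken on the raw, still percent-encoded
query value, while the redirect decodes it first. The heuristic, the
allowlist and MAX_DECODE_ROUNDS are assumptions for illustration."""

from urllib.parse import quote, unquote, urlparse

LINK_SHIM = "https://m.facebook.com/a.php?u="            # interstitial named in the report
TRUSTED_HOSTS = {"m.facebook.com", "www.facebook.com"}   # assumed allowlist
MAX_DECODE_ROUNDS = 3                                    # assumed bound on nested encoding


def shimmed(target: str) -> str:
    """Route an external target through the link-shim interstitial."""
    return LINK_SHIM + quote(target, safe="")


def naive_location(raw_value: str) -> str:
    """Vulnerable pattern: inspect the raw value, decode afterwards.

    The check mirrors the report's wording ('encode the // and .'): it looks
    for a literal scheme separator or dot, which %2F%2F and %2E do not contain.
    """
    if "//" in raw_value or "." in raw_value:
        return shimmed(unquote(raw_value))
    # Decoded only now: the value that was checked is not the value that is used.
    return unquote(raw_value)


def fully_decode(value: str, rounds: int = MAX_DECODE_ROUNDS) -> str:
    """Percent-decode until the value stops changing; refuse deeper nesting."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of percent-encoding")


def safe_location(raw_value: str) -> str:
    """Hardened pattern: decode first, normalise, parse, then allowlist the host.

    Same-origin paths and allowlisted hosts redirect directly; everything else
    goes through the shim.
    """
    # Browsers treat '\' like '/' and a run of leading slashes in a relative URL
    # as the start of an authority ('///evil.com' resolves to https://evil.com/).
    target = fully_decode(raw_value).replace("\\", "/")
    leading = len(target) - len(target.lstrip("/"))
    if leading >= 2:
        target = "//" + target[leading:]

    parts = urlparse(target)
    if parts.scheme:
        # Absolute URL: must be http(s) with an allowlisted host. 'http:evil.com'
        # parses with an empty netloc here but browsers still resolve it as a host.
        if parts.scheme not in ("http", "https") or parts.netloc.lower() not in TRUSTED_HOSTS:
            return shimmed(target)
    elif parts.netloc and parts.netloc.lower() not in TRUSTED_HOSTS:
        return shimmed(target)  # protocol-relative '//host'
    return target
```

The point of the hardened version is not the allowlist itself but that the check and the redirect operate on the same, fully decoded, parsed value, and compare a host rather than searching for substrings. Any check that can be satisfied by one representation of a URL and defeated by another representation of the same URL is the bug the report demonstrates.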
