Posts

Showing posts from May 1, 2013

Facebook Graph API Users ID (and others) Information Disclosure

# Exploit Title: Facebook Graph API Users ID (and others) Information Disclosure - OAuthException
# Vendor: Facebook.com http://graph.facebook.com
# Author: Juan Carlos Garcia (@secnight)
# Blog: http://hackingmadrid.blogspot.com

BRIEF DESCRIPTION

The Graph API is the primary way that data is retrieved or posted to Facebook. The Getting Started Guide contains an overview of the basics of the API, walks you through using the Graph API Explorer, shows you how names work, how permissions work, what connections are and puts it all together so the rest of this reference makes sense.

Disclosure

Anyone can access the data of ANY user, because the "Graph API" discloses information as a result of the functionality that has been given to this API for developers. The "excess" functionality provided in this API leaves users' data exposed, without any need for it, to any malicious attacker and make a compi...