The vulnerability was in the page title appearing in the popover when you selected the like, message, or notification button from the top menu. The following steps were taken to produce the XSS on my iPhone:
- I created a new Facebook Page on my web browser and set its title to "<img src=x onerror=alert(/XSSed/)>".
- I opened the page in the Facebook Pages Manager application on my iPhone.
- I selected the like button from the top menu.
- An alert showing "/XSSed/" was displayed in the application--the script was activated.
I created a test user account and invited it to take on an admin role for the page. The test user account represented an unsuspecting victim. By clicking on just one button to accept the role, the test user gained permission to access the malicious page. I was able to confirm that the script was activated on that account as well.
This vulnerability was reported on August 11 and the fixed version was released on September 18 as part of Facebook's Security Bug Bounty Program.
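The post does not show how the application built the popover. The sketch below assumes the page title was placed into HTML markup unescaped, and puts a hypothetical renderer in that vulnerable form next to one that escapes every interpolated value by default. It is an added example, not code from Facebook or from the original post; all function names are invented for illustration.

```javascript
// Added illustration: hypothetical popover renderer, not Facebook's code.

// Characters that can change the HTML parsing context in element content
// or in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form (assumed): the user-controlled page title is concatenated
// straight into markup, so any tag in the title becomes a live element.
function renderPopoverUnsafe(pageTitle, likeCount) {
  return '<div class="popover"><h3>' + pageTitle + '</h3><p>' + likeCount + ' likes</p></div>';
}

// Hardened form: a tagged template that escapes each interpolated value,
// so a developer cannot forget to escape an individual field.
function html(strings, ...values) {
  return strings.reduce(
    (out, s, i) => out + s + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

function renderPopoverSafe(pageTitle, likeCount) {
  return html`<div class="popover"><h3>${pageTitle}</h3><p>${likeCount} likes</p></div>`;
}

// Regression check: does the markup open any element other than the
// three the template itself emits?
function containsInjectedElement(markup) {
  const tags = markup.match(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  const allowed = new Set(['<div', '<h3', '<p']);
  return tags.some((t) => !allowed.has(t.toLowerCase()));
}

const title = '<img src=x onerror=alert(/XSSed/)>'; // page title used in the post
console.log(renderPopoverUnsafe(title, 3)); // title is parsed as an <img> element
console.log(renderPopoverSafe(title, 3));   // title is rendered as literal text
```

In a DOM context the equivalent fix is to assign the title through `textContent` rather than `innerHTML`.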