Hacker gets Facebook's 'keys to the kingdom'

Submitted by mask.of.sanity
mask.of.sanity (1228908) writes "Facebook has paid out its largest bug bounty of $33,500 for a serious remote code execution vulnerability which also returned Facebook's etc/passwd. The researcher could change Facebook's use of Gmail as an OpenID provider to a URL he controlled, and then sent a request carrying malicious XML code. The Facebook response included its etc/passwd which contained essential login information such as system administrator data and user IDs. The company quickly patched the flaw and awarded him for the proof of concept remote code execution which he quietly disclosed to them."