Sunday, 2 June 2013

Reset Facebook password without knowing the current one


Password reset vulnerability found in www.facebook.com 

description:

Sow Ching Shiong, an independent researcher, has discovered a password reset vulnerability in www.facebook.com which can be used by an attacker to bypass certain security restrictions.

In normal circumstances, a Facebook user who wants to change his/her password is required to give his/her previous password. This prevents an attacker from changing the password without the knowledge of the original user.

But through this vulnerability an attacker can change a Facebook user's password without the owner's knowledge by accessing this URL directly:


After that, the page will be redirected to:

proof of concept:

step 1: log in to your Facebook account and type this URL in the address bar:
 http://www.facebook.com/hacked
then the page will redirect you to

step 2: click on Continue to proceed

step 3: confirm the new password to change/reset the password

The vulnerability has been confirmed by the Facebook security team.
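
A server-side guard against the class of flaw described above, as an added example that is not Facebook's code or the researcher's: every password-setting entry point goes through one function that demands the current password or a single-use recovery token, so a logged-in session alone is never enough. All names (`Account`, `change_password`, `secure_account_flow`, `PROOF_WINDOW`) are hypothetical.

```python
import hashlib, hmac, os, secrets, time

PROOF_WINDOW = 300  # seconds a recovery token stays valid (assumed policy)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.recovery = None  # (token, issued_at), delivered out of band

    def check_password(self, candidate):
        return hmac.compare_digest(self.pw_hash, _hash(candidate, self.salt))

    def issue_recovery_token(self):
        self.recovery = (secrets.token_urlsafe(32), time.time())
        return self.recovery[0]

    def consume_recovery_token(self, token):
        if not self.recovery or not token:
            return False
        stored, issued = self.recovery
        fresh = time.time() - issued <= PROOF_WINDOW
        if fresh and hmac.compare_digest(stored.encode(), token.encode()):
            self.recovery = None  # single use
            return True
        return False

def change_password(account, session_valid, new_password,
                    current_password=None, recovery_token=None):
    """Single choke point: every flow that sets a password calls this."""
    if not session_valid and recovery_token is None:
        return "denied: not authenticated"
    # A live session is not proof of identity; require something fresh.
    proven = bool(current_password) and account.check_password(current_password)
    proven = proven or account.consume_recovery_token(recovery_token)
    if not proven:
        return "denied: fresh proof of identity required"
    account.salt = os.urandom(16)
    account.pw_hash = _hash(new_password, account.salt)
    return "changed"

def secure_account_flow(account, session_valid, new_password, **proof):
    """Hypothetical alternate entry point (a 'secure your account' wizard)."""
    return change_password(account, session_valid, new_password, **proof)
```

Because the alternate flow delegates to `change_password` instead of writing the hash itself, it cannot skip the re-authentication check that the normal settings page enforces.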
