Indian security researcher Jitendra Jaiswal has identified a couple of interesting vulnerabilities in Facebook and Google. Both of them have been addressed.
The security hole that plagued Facebook was an open URL redirect issue that allowed an attacker to redirect victims to any website without any restriction and without interaction on the user’s part. Facebook rewarded the expert with $1,000 (€730) for his findings.
As far as the Google vulnerability is concerned, Jaiswal found a clickjacking (UI redressing) flaw on the Google Maps website that could have been exploited to change a user’s Google+ profile picture, hijack his webcam, and update his status.
Check out the POC videos to see how the vulnerabilities could have been exploited. The issues were discovered last year in November, but the expert has only published their details now.
Jitendra Jaiswal says that in addition to finding vulnerabilities in high-profile websites, he has also been working with police on cybercrime investigations. He’s currently a student at the S.S. Jain Subodh PG College in Jaipur where he’s trying to get a Master’s degree in Computer Science.

http://www.youtube.com/watch?v=p_cwA3TQacA