Expert Finds Clickjacking Flaw in Google and Open Redirect in Facebook – Video


[youtube:http://www.youtube.com/watch?feature=player_embedded&v=oTjXQgKx1Us]

Indian security researcher Jitendra Jaiswal has identified a couple of interesting vulnerabilities in Facebook and Google. Both of them have been addressed.

The security hole that plagued Facebook was an open URL redirect issue that allowed an attacker to redirect victims to any website without any restriction and without interaction on the user’s part. Facebook rewarded the expert with $1,000 (€730) for his findings.
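The missing restriction described above is usually supplied by validating the redirect target against an allowlist before issuing the redirect. The following is an added example, not code from Facebook or from the researcher; the host names, `BASE` and the function name `safeRedirectTarget` are assumptions made for illustration.

```javascript
// Added example: validate a redirect target against an allowlist.
// ALLOWED_HOSTS and BASE are hypothetical values, not from the article.
const ALLOWED_HOSTS = new Set(["app.example.com", "help.example.com"]);
const BASE = "https://app.example.com";

function safeRedirectTarget(raw, fallback = "/") {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  // Browsers and servers normalise control characters and backslashes
  // differently, so reject them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  let url;
  try {
    // Relative paths resolve against our own origin; absolute and
    // protocol-relative ("//host") inputs keep their own host.
    url = new URL(raw, BASE);
  } catch {
    return fallback;
  }
  if (url.protocol !== "https:") return fallback;      // no http:, javascript:, data:
  if (url.username || url.password) return fallback;  // no user@host confusion
  if (!ALLOWED_HOSTS.has(url.host)) return fallback;   // exact host, default port only
  return url.href;                                     // normalised form, not the raw input
}

// Constructed sample inputs (not taken from the reported issue).
const samples = [
  "/settings?tab=privacy",
  "https://help.example.com/article/7",
  "//other.example.net/landing",
  "https://app.example.com@other.example.net/",
  "https://app.example.com.other.example.net/",
  "http://app.example.com/",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

Only the first two samples are accepted; every other input falls back to `/`.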

As far as the Google vulnerability is concerned, Jaiswal found a clickjacking (UI redressing) flaw on the Google Maps website that could have been exploited to change a user’s Google+ profile picture, hijack his webcam, and update his status.

Check out the POC videos to see how the vulnerabilities could have been exploited. The issues were discovered last year in November, but the expert has only published their details now.

Jitendra Jaiswal says that in addition to finding vulnerabilities in high-profile websites, he has also been working with police on cybercrime investigations. He’s currently a student at the S.S. Jain Subodh PG College in Jaipur where he’s trying to get a Master’s degree in Computer Science.

[youtube:http://www.youtube.com/watch?v=p_cwA3TQacA&feature=player_embedded]

 
