Facebook Leak Referrer Data

Neil Mark Ochea
2 min readDec 8, 2020

--

While finding a facebook vulnerability I visited this interesting link with a back uri parameter endpoint

So I view the source code and read it. After reading it i found out the url endpoint in the source code does not passing by linkshim, so by adding

at the endpoint the result like this

you can easily redirect the facebook page without linkshim the redirect works.

What is Linkshim

Every time a link is clicked on the site, the link will check that the URL against Facebook has its own internal list of malicious links, along with the lists of numerous external partners including McAfee, Google, Web of Trust, and Websense. If Facebook detects that a URL is malicious, Facebook will display an interstitial page before the browser actually requests the suspicious page.

Read the full explanation in this note: www.facebook.com

Setup

User: UserOne {Owner: UserOne }

Environment: owner UserOne

Platform: Facebook sites

Step to Reproduce

  • From any web browser goto www.facebook.com , login as UserOne.
  • Open this facebook link
  • From the left top header click back button
  • Then facebook page redirect to without linkshim

Disclosure Timeline

  • October 13, 2020 — I reported this vulnerability issue in facebook whitehat page.
  • October 13, 2020 — The Facebook team reproduces & investigates regarding the vulnerability issue.
  • October 16, 2020 — The vulnerability has been patched by adding linkshim.
  • October 22, 2020 — Bounty Rewarded

Thanks for reading this article, I hope you guys learn something new today. Please share this article to spread the knowledge.

Don’t forget to follow and connect with me through LinkedIn, and Twitter.

--

--

No responses yet