Facebook Leak Referrer Data
While finding a facebook vulnerability I visited this interesting link with a back uri parameter endpoint
So I view the source code and read it. After reading it i found out the url endpoint in the source code does not passing by linkshim, so by adding
at the endpoint the result like this
you can easily redirect the facebook page without linkshim the redirect works.
What is Linkshim
Every time a link is clicked on the site, the link will check that the URL against Facebook has its own internal list of malicious links, along with the lists of numerous external partners including McAfee, Google, Web of Trust, and Websense. If Facebook detects that a URL is malicious, Facebook will display an interstitial page before the browser actually requests the suspicious page.
Read the full explanation in this note: www.facebook.com
Setup
User: UserOne {Owner: UserOne }
Environment: owner UserOne
Platform: Facebook sites
Step to Reproduce
- From any web browser goto www.facebook.com , login as UserOne.
- Open this facebook link
- From the left top header click back button
- Then facebook page redirect to without linkshim
Disclosure Timeline
- October 13, 2020 — I reported this vulnerability issue in facebook whitehat page.
- October 13, 2020 — The Facebook team reproduces & investigates regarding the vulnerability issue.
- October 16, 2020 — The vulnerability has been patched by adding linkshim.
- October 22, 2020 — Bounty Rewarded
Thanks for reading this article, I hope you guys learn something new today. Please share this article to spread the knowledge.
Don’t forget to follow and connect with me through LinkedIn, and Twitter.
