Tuesday, May 21, 2013

|| Facebook Password Changer Private by Mauritania Attacker||




The Exploit is called Facebook Password Changer

This plugin : https://www.facebook.com/ajax/settings/account/password.php?__user=100005682817150&__a=1&__dyn=7n8ahxoNpE42&__req=7

is for facebook password system , it uses JSON and Javascript and it has the token code of the password of accounts used by JSON system (JSCC.get(\"j0pvq5nqynwdmOkIAD0\")

So i coded that script wich will be able to change the password of any account automatically
using TamperData ^_^

I retrieved all the javascript inisde :

https://www.facebook.com/settings?tab=account&section=password&view

Wich could help me ^_^

So we can say that this method is like Privilege Escalation Exploit and CSRF ^_^

We can also use a javascript Keylogger with the Parameters of that plugin
and retrieve the Parameters and put them inside TamperData and we can HIJACK directly the account of our victim.

Link:-
Comming Soon

6 comments: