Facebook rewarded $33,500 for Remote Code Execution Vulnerability (allhackersnews.com)

1 points by krishnakarki ↗ HN
Here comes a critical bug discovered in Facebook and biggest bounty ever paid by Facebook for reporting vulnerability in their website. Reginaldo Silva, A Brazilian Hacker, has discovered a highly critical Remote Code Execution(RCE) vulnerability in the Facebook which could allowed attackers to read any files from the server. It could also allowed attackers to run malicious code in the server. In September 2012, he first discovered XML External Entity Expansion bug in the Drupal that handled OpenID. OpenID is an open technology that allows users to authenticate to websites without having to create a new password. He found similar bug affecting the Google’s App Engine and Blogger. However, it is not critical as he wasn’t able to access the arbitrary file or open network connections, he received $500 reward from Google. He found out plenty of other websites implementing OpenID are vulnerable to RCE.

0 comments

[ 3.6 ms ] story [ 13.7 ms ] thread

No comments yet.