[m3Lv3L]

Maybe someone had found this vulnerability on facebook, but I jurt want to share this for those who havent. First you need to log-in in facebook. Then click on the link below.

http://tinyurl.com/c4fuefl

If you can find anyother vulnerabilies or can inject cool scripts in it, then that would be awesome.

[Asuna_mybb_import7736]

Where does the URL lead you?

[H4R0015K]

Where does the URL lead you?

url lead you to

Code:

https://m.facebook.com/upload.php?album_fbid=3944423508799&aname=+%3D%3Dx%3D%3D%3Dx%3D%3D%3D+XSS+by+RAMZKIE+%3D%3D%3Dx%3D%3D%3Dx%3D%3D&aprivacy=%3C%3C%3C%3C%3C%3C%3C+m3Lv3L+Was+Here+%3E%3E%3E%3E%3E%3E%3E&refid=18

[Ex094]

Believe me, it doesn't even look like a part of Facebook! Looks more like a fake page to me (No Offense)
Just saying!

[m3Lv3L]

Where does the URL lead you?

The URL lead me to the upload section in facebook, where in in the Privacy part, my name appeared on it..

---

How can I attach image here? And before I forget, you guys must be on your mobile

[Ex094]

Is this it http://www.breaksec.com/?p=5713

[m3Lv3L]

Here's a proof for you my friends!

http://www.fidelityprintquick.com/upload...152643.png

---

Is this it http://www.breaksec.com/?p=5713

No, but that's a good addition

[Ex094]

Tell you what, send the Facebook Security Team an email regarding that you've found an XSS on their website. Then wait for the reply Only way to proof if it's legit!

[Anima Templi]

Since when do discussions about XSS vulnerabilities belong to the graphics section? Thread moved.

[m3Lv3L]

Tell you what, send the Facebook Security Team an email regarding that you've found an XSS on their website. Then wait for the reply Only way to proof if it's legit!

I have sent them a report already

---

Since when do discussions about XSS vulnerabilities belong to the graphics section? Thread moved.

Sorry about that Sir, it wont happen again.