Shulou(Shulou.com)05/31 Report--

This article shows you how to use the donation function to form a replay attack to achieve Facebook authentication bypass analysis, the content is concise and easy to understand, absolutely can make your eyes bright, through the detailed introduction of this article, I hope you can get something.

The use of Facebook donation function to form an authentication replay attack to achieve Facebook account two-factor authentication (2FA) to bypass the loophole, because Facebook in the URL session to add authentication measures are not perfect.

Vulnerability situation

The reason is that I received a friend's donation activity message. When I click the "donate" button on its page with my mobile Facebook-App (IOS), it automatically jumps to a Web page paid with * or Paypal, which is placed in the back path: {/ donation/login/?nonce=xxxxx&uid=xxxxxx}.

The resulting URL links are:

Https://m.facebook.com/donation/login/?nonce=xxxxxx&uid={USER_ID}

However, after visiting the link, I found that even if I was in the Facebook exit status and did not log in to Facebook at all, when I visited the above URL link with a Web browser, I visited facebook.com again so that I could successfully enter my Facebook account without any password or other authentication means!

As a verification, I sent the above URL donation link https://m.facebook.com/donation/login/?nonce=xxxxxx&uid={USER_ID} generated by my Facebook account to another friend of mine, and sure enough, on his computer, when he visited the link, he could successfully enter my Facebook account from facebook.com! No password or 2FA authentication measures are required! Moreover, even if he changes the login password of my Facebook account, he can still keep the login status of my Facebook account.

Loophole recurrence

1. Use Facebook App (IOS) to find donation pages from some public welfare organizations, such as https://www.facebook.com/donate/xxx/xxx/

2. Try to initiate a donation operation

3. Then you will jump to the link: "https://m.facebook.com/donation/login/?nonce=xxxxxx&uid=xxxxxx"

4. Copy the URL link and use it on other devices on which you have not logged in to your Facebook account, and click on the Web browser to visit it.

After visiting the Facebook.com home page, you will find that you have automatically logged in to your Facebook account

6. Even if you clean up the Facebook account password or related sessions, the attacker with the URL link can still maintain the login status of your Facebook account and achieve authentication bypass without password or other 2FA measures.

Generally speaking, we will add a timestamp timestamp to some links that require authentication, combining UID and an application parameter nounce (number used once) to prevent session replay attacks, but Facebook is not perfect here, which leads to vulnerabilities. This vulnerability can lead to the bypass of the authentication mechanism and the formation of a persistent login state to the Facebook account.

The above content is how to use the donation function to form a replay attack to achieve Facebook authentication bypass analysis, have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.