This repository was archived by the owner on Jan 13, 2022. It is now read-only.


@kilotaras
Contributor

See the next scenario.

  1. Alice is logged into Facebook
  2. Alice visits example.com/with_js_sdk.php (our PHP SDK example endpoint). The SDK will write her signed_request, user_id, and access_token to a session cookie.
  3. Alice is then tricked into visiting example.com/with_js_sdk.php?signed_request={Bob's signed request}. The SDK will then set the user_id to Bob, while keeping Alice's access_token in persistent storage.
  4. If example.com has another endpoint that authenticates based on getUser(), Bob now has access to data returned by Alice's access_token.

This fixes it.

oyvindkinsey added a commit that referenced this pull request Jan 15, 2013
Fixed a vulnerability with signed requests
@oyvindkinsey oyvindkinsey merged commit bf99924 into facebookarchive:master Jan 15, 2013
@kilotaras kilotaras deleted the vulnerability_bug branch January 15, 2013 22:00
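
The scenario from the pull request description, as an added example (not code from the SDK or from this pull request): a simplified PHP model of the persisted session state that shows the user ID and token falling out of step, and one way to close the gap by discarding persisted data when the verified user ID changes. The class, its method names, the IDs and the token value are hypothetical, and both payloads are assumed to have already passed signature verification.

```php
<?php
// Added illustration: a simplified model, not the SDK's implementation.
// All names and values are hypothetical/constructed.
final class SessionModel
{
    /** @var array<string,string> stands in for the persisted session data */
    public array $store = [];

    // Behaviour described in the scenario: user_id is always overwritten,
    // the token only when the new payload happens to carry one.
    public function applyVulnerable(array $payload): void
    {
        $this->persist($payload);
    }

    // Hardened: a change of identity discards everything persisted for the
    // previous identity before the new values are written.
    public function applyHardened(array $payload): void
    {
        $previous = $this->store['user_id'] ?? null;
        if ($previous !== null && $previous !== (string) $payload['user_id']) {
            $this->store = [];
        }
        $this->persist($payload);
    }

    private function persist(array $payload): void
    {
        $this->store['user_id'] = (string) $payload['user_id'];
        if (isset($payload['oauth_token'])) {
            $this->store['access_token'] = (string) $payload['oauth_token'];
        }
    }
}

// Constructed payloads, assumed to be already signature-verified.
$alice = ['user_id' => '1001', 'oauth_token' => 'ALICE-TOKEN-PLACEHOLDER'];
$bob   = ['user_id' => '2002']; // assumption: carries no token of its own

foreach (['applyVulnerable', 'applyHardened'] as $method) {
    $session = new SessionModel();
    $session->$method($alice); // step 2: Alice's own visit
    $session->$method($bob);   // step 3: request carrying Bob's signed_request
    printf(
        "%-16s user_id=%s access_token=%s\n",
        $method,
        $session->store['user_id'],
        $session->store['access_token'] ?? '(none)'
    );
}
```

In the vulnerable run the store ends with Bob's user ID next to Alice's token; in the hardened run the token is gone and has to be obtained again for the new identity.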