Full Disclosure mailing list archives
Facebook DNS misconfiguration
From: Carlo Di Dato via Fulldisclosure <fulldisclosure () seclists org>
Date: Wed, 09 Feb 2022 18:18:59 +0000
Hi everyone,I submittet to Facebook a DNS misconfiguration issue. Specifically, the following URLs will be resoved as private IP addresses.
dev.facebook.com : A [10.110.151.5] hr.facebook.com : A [10.110.199.9] prof.facebook.com : A [10.18.4.109] tps.facebook.com : A [10.110.159.18] interim.facebook.com : A [10.110.151.5] nexus.facebook.com : A [192.168.62.201] alf.facebook.com : A [192.168.16.27]It's something similar to Same Site Scripting, except the resolved URL is not 127.0.0.1 but a private IP address.
You could use them in case of red team activies, for example. Imagine this scenario: #1 - there's a public, unprotected wi-fi network#2 - you are connected to this wi-fi network and your IP is 192.168.16.11
#3 - you could change you IP from 192.168.16.11 to 192.168.16.27#4 - you could start a web server with a fake Facebook login page or with some malicious file #5 - you could invite someone, within the same network, to visit "http://alf.facebook.com" or to download an update from "http://alf.facebook.com/update.exe"
Of course, another scenario would be the one in which you create a rogue, free wi-fi access point configured to assing 192.168.16.1/24 IPs
Do you consider this a MITM attack? I'm not 100% sure but Facebook stated it is.
See you! Cheers, Carlo Di Dato (aka shinnai) _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Facebook DNS misconfiguration Carlo Di Dato via Fulldisclosure (Feb 10)
- Re: Facebook DNS misconfiguration Joey Kelly (Feb 13)