funsec mailing list archives

Interesting Facebook news feed item from application


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Sat, 29 Mar 2008 11:43:35 +0200 (EET)

This item just appeared in my Facebook news feed:

"’Firstname Lastname’ rused

http://www.facebook.com/s.php?k=100000080&id=701079xxx(new Image()).src = 
'/ajax/ct.php?app_id=17801732384&action_type=3&post_form_id=87c660052ab8b7313d9281a5540eaxxx&position=4&' + 
Math.random();ft('4:1:169:525460988:5:::::296700103:1:17801732384:::0:535339866:', 
'1206790078:cddb217a8d3575dd5f2af8b459c0axxx', 'clk');return true;'Firstname Lastname'!

http://www.facebook.com/s.php?k=100000080&id=507167xxxnew Image()).src = 
'/ajax/ct.php?app_id=17801732384&action_type=3&post_form_id=87c660052ab8b7313d9281a5540eaxxx&position=4&' + 
Math.random();ft('4:1:169:525460988:5:::::296700103:1:17801732384:::0:535339866:', 
'1206790078:cddb217a8d3575dd5f2af8b459c0axxx', 'clk');return true;’Firstname’ was just beaten down by ’Firstname's’ 
Valiant Slayer!"

Real names were changed to 'Firstname Lastname' and some strings were modified with 'xxx' to prevent disclosing profile IDs.

This item comes from the Slayers application
http://www.facebook.com/apps/application.php?id=17801732384

Browser: FF2.0.0.13

Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

