Impreza Portal
Sign InMy ServicesMy DomainsMy InvoicesMy Tickets
Blog
Celebrative Logos
Our Platform
Tutorials
Video TutorialsKnowledge Base
Calculator
More
UptimeNetwork StatusAffiliatesJobsAbout us
enGlobal ($ USD)
esEspaña (€ EUR) (Spain (€ EUR))pt-brBrasil (R$ BRL) (Brazil (R$ BRL))
Contact
Submit Ticket (Less than 1hour to answer)Whatsapp (Less than 24hours to answer)Telegram (Less than 24hours to anwer)Report Abuse

Special Offer for Today only!

Maximum power with a
Intel Xeon E-2236

A powerful machine with:

  • Intel Xeon E-2236
  • 64GB DDR4 ECC
  • 2x 960GB NVMe
  • 1Gbps uplink
  • Dallas, TX Datacenter

From

$200/mo

To

  $149/mo

Complete hardware for your Servers, choose any OS you want, reinstall, install, shut it down or turn it on, you’re in control everytime!

Order Now
HOMEDOMAINS

Servers

Whether Offshore or Surface, we have it all, a lot of Server
options for various types of use!

Hosting

Hosting Services ready for your website, whether on
WordPress or another systems, we can handle it!

Email

Be professional online and get an unique Email with your
name or the name of your company!

Security

Browse the web freely by choosing any of our online
security methods, always be anonymous online!

Choose the Hosting Service that will fit you!

Choose a complete Website Hosting for your business, get everything you need to start online

All Products ➤
WEBSITE HOSTINGWEBSITE HOSTINGThe first step to let your website onlineThe first step to let your website onlineKNOW MORE

Get a Hosting Service that works for you and let’s begin a Journey together!

Recommended Services

SSL Certificates

Backup for Websites

Professional Email

CONTACT
Login
Sign InCreate an Account
No Comments

Facebook cookie failure allowed access to its internal network

 

Researcher Alaa Abdulridha, a computer engineering student at the University of the city of Kharkiv, Ukraine, posted on his blog the information that he won a $ 54,800 prize from Facebook’s bounty bug program for discovering and informing a flaw that gave access to the company’s internal network. In December 2020, he had already earned $ 7,500 from Facebook for discovering a vulnerability in the API of a service apparently used by the company’s legal department: the December flaw could have been exploited to reset the password for any account for a web application. used internally by Facebook employees, he said.

In a post on his blog published on Thursday, March 18, 2021, the researcher said that he continued analyzing the same application and once again managed to access it, but this time manipulating the cookie data. He stated that from that access he was able to launch a server-side request forgery attack (SSRF or server side requst forgery) and gain access to Facebook’s internal network. Facebook described this as “an attacker capable of sending HTTP requests to internal systems and reading their responses”.

Abdulridha showed in the post the correspondence he received from Facebook thanking him for his discovery and notifying him of the receipt of the award.

“I was able to scan the ports of the local servers and browse the local applications / web applications that the company uses in its infrastructure,” he said on the blog. “I am sure that this vulnerability in the wrong hands can be escalated to CER and can pose a great risk to the company and its customers.”

The researcher said he obtained access by chaining two vulnerabilities until he reached the point of access to Facebook’s internal network. He said on his blog that this type of access allowed:

  • Access any Facebook employee account on the legal department panel
  • Access the internal Facebook network (intern.our.facebook.com)
  • Perhaps escalate this vulnerability and use it to scan the network and internal servers

“We all know how critical the SSRF is, especially as it does not have an access speed limit,” he said.

With international news agencies

Source: CisoAdvisor

You might also like
News, Marketing, Security, Market, Ecommerce
News, Marketing, Security, Market, Ecommerce

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.