Facebook Exploit … Social Engineering & JavaScript Injection
Posted by Brendon on May 30th, 2010 | 5 comments
This morning I got an e-mail … the typical “[Person] suggested you like [Something]” from Facebook. Typically, this kind of stuff is spam, but I checked it out anyway. However, when I got to the page, I didn’t observe just spam; in fact, I observed a cunning exploit that allows the page to run whatever JavaScript code it wishes. It uses social engineering to prompt the user to perform actions to get a ‘reward’. In the process, the user inadvertently executes JavaScript code in their browser.
Watch this video I recorded to see it live in action: