By mswatcher
via homakov.blogspot.in
Published: Feb 21 2013 / 05:35
We (me and @isciurus) chained several different bugs in Facebook, OAuth2 and Google Chrome to craft an interesting exploit. MalloryPage can obtain your signed_request, code and access token for any client_id you previously authorized on Facebook. The flow is quite complicated so let me explain the bugs we used.
-
Levels of Maturity
-
The Cult of Design Dictatorship
-
Building a Falling Block Game Using CSS Grid Layout & Blend 5
-
Even though mouse-move, paint, and timer messages are generated on demand, it's still possible for one to end up in your queue
-
Syntactic Ngrams over Time
-
Portable HttpClient is now available as RC
Add your comment
