<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-2614744477359998094</id><updated>2011-07-28T16:47:30.148-07:00</updated><title type='text'>Facebook Application Smashing</title><subtitle type='html'></subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>10</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-2981349208898538526</id><published>2007-07-23T18:43:00.000-07:00</published><updated>2007-07-23T18:55:38.000-07:00</updated><title type='text'>Moods (Emoting)</title><summary type='text'>This one's very interesting. Moods is vulnerable to the typical problem that we've seen in the past. Mainly, viewing a non-friend's mood history. 
In order to check out someone's history, simply alter the following URL: http://apps.facebook.com/emoting/?page=history&amp;uid=xxxxxxxxx Obviously substituting the person's id for the uid variable. Now, here's the twist with this application. It doesn't even </summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/2981349208898538526/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=2981349208898538526' title='5 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/2981349208898538526'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/2981349208898538526'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/moods-emoting.html' title='Moods (Emoting)'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>5</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-3190218722533436363</id><published>2007-07-23T18:01:00.000-07:00</published><updated>2007-07-23T18:25:32.327-07:00</updated><title type='text'>My Greeting Cards</title><summary type='text'>*Yawns* Same thing. My Greeting Cards allows you to send greeting cards to non-friends. 
Custom text can be sent along with the card as well. Click on My Greeting Cards application. Enter a friend's name. Change recipient_id value. Send gift</summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/3190218722533436363/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=3190218722533436363' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3190218722533436363'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3190218722533436363'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/my-greeting-cards.html' title='My Greeting Cards'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-2382936403713336035</id><published>2007-07-23T13:22:00.000-07:00</published><updated>2007-07-23T13:25:05.041-07:00</updated><title type='text'>Superlatives</title><summary type='text'>I'm seeing a trend here...  Superlatives allows you to make predictions about friends that others can vote on, like "so and so is most likely to sell their soul for a donut."  Cute.  
Except you can predict about non-friends too.</summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/2382936403713336035/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=2382936403713336035' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/2382936403713336035'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/2382936403713336035'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/superlatives.html' title='Superlatives'/><author><name>SerajewelKS</name><uri>http://www.blogger.com/profile/01012921717955823504</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-5396017543359306668</id><published>2007-07-23T13:10:00.000-07:00</published><updated>2007-07-23T13:14:03.157-07:00</updated><title type='text'>Easter Egg</title><summary type='text'>Another non-friend attack.  Easter Egg lets you post messages on your profile that only certain friends can read.  Like other apps, you can trick it into leaving messages for people who aren't your friends.  Because it's on your profile there isn't much danger here, but the app will give you the option of sending a notice to the recipient.  
They might not appreciate receiving messages from people</summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/5396017543359306668/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=5396017543359306668' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/5396017543359306668'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/5396017543359306668'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/easter-egg.html' title='Easter Egg'/><author><name>SerajewelKS</name><uri>http://www.blogger.com/profile/01012921717955823504</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-8232581353760791648</id><published>2007-07-22T20:13:00.000-07:00</published><updated>2007-07-22T20:20:01.869-07:00</updated><title type='text'>Poke Pro</title><summary type='text'>Poke Pro allows you to do any number of actions to a friend. At least, that's what it's supposed to allow. Poke Pro also allows you to do these events to anyone with the application in their profile... 
friend or not. Poking random people: On your own profile, enter the name of a friend in your Poke Pro box. Alter the id value to reflect the id of the person you wish to poke. Go! How annoying would it </summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/8232581353760791648/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=8232581353760791648' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/8232581353760791648'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/8232581353760791648'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/poke-pro.html' title='Poke Pro'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-4443816598299799452</id><published>2007-07-22T17:46:00.000-07:00</published><updated>2007-07-22T18:08:19.050-07:00</updated><title type='text'>Fun Wall</title><summary type='text'>The Fun Wall application has the same vulnerability as the aforementioned Super Wall application. You can post messages on a wall as another person. Exploiting the identity theft. Proceed to the target's profile. Enter the desired message into the Fun Wall form. Change fb_sig_user to the id of the person you wish to post as. 
(Firebug) Post.</summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/4443816598299799452/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=4443816598299799452' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/4443816598299799452'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/4443816598299799452'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/fun-wall.html' title='Fun Wall'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-3524568545111411815</id><published>2007-07-22T14:47:00.000-07:00</published><updated>2007-07-22T14:53:34.787-07:00</updated><title type='text'>Sticky Notes</title><summary type='text'>The Sticky Notes application contains a vulnerability that allows you to send a sticky note to any Facebook member, even if they aren't your friend.  
The application description suggests that this is not the designer's intention. This can be exploited by writing a new note, and when you're asked to choose the recipients: Enter the name of one of your friends. Find the Facebook ID of the person you </summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/3524568545111411815/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=3524568545111411815' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3524568545111411815'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3524568545111411815'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/sticky-notes.html' title='Sticky Notes'/><author><name>SerajewelKS</name><uri>http://www.blogger.com/profile/01012921717955823504</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-3026996759992507436</id><published>2007-07-22T13:21:00.000-07:00</published><updated>2007-07-22T13:27:45.843-07:00</updated><title type='text'>Free Gifts</title><summary type='text'>Note: I highly suggest that you install Firebug for tweaking web pages. Facebook came out with a feature that allows you to give virtual gifts to your friends. Maybe you want to send a picture of a rose, a picture of a hamburger, or maybe a picture of handcuffs to your friend. That is all fine and dandy, but then Facebook decided to charge you $1 per gift. 
Most of us are too cheap to actually pay</summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/3026996759992507436/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=3026996759992507436' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3026996759992507436'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3026996759992507436'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/free-gifts.html' title='Free Gifts'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-3933146158433935323</id><published>2007-07-22T12:56:00.000-07:00</published><updated>2007-07-22T13:17:15.445-07:00</updated><title type='text'>Super Wall</title><summary type='text'>When you set up your Facebook account, you are given a virtual "wall" where friends can post public comments to your profile. This is kind of cool, but there are some limitations. You cannot post an image or a video to a friend's wall. Well, the inventors of Super Wall have come to the rescue. 
This application allows simple text messages, picture messages, and even links to web videos served </summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/3933146158433935323/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=3933146158433935323' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3933146158433935323'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/3933146158433935323'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/super-wall.html' title='Super Wall'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-2614744477359998094.post-8385224342370495933</id><published>2007-07-22T12:43:00.000-07:00</published><updated>2007-07-22T12:55:53.783-07:00</updated><title type='text'>Introduction</title><summary type='text'>For those of you that have been clamoring about the addition of Facebook applications, we have decided to add more fuel to the fire. We have started exposing some of the additional problems (other than the sheer annoyance) introduced by adding third party code onto your Facebook page. 
Due to the overwhelming number of applications, we don't have time to check every application for security issues</summary><link rel='replies' type='application/atom+xml' href='http://defacebooked.blogspot.com/feeds/8385224342370495933/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=2614744477359998094&amp;postID=8385224342370495933' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/8385224342370495933'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/2614744477359998094/posts/default/8385224342370495933'/><link rel='alternate' type='text/html' href='http://defacebooked.blogspot.com/2007/07/introduction.html' title='Introduction'/><author><name>Standard Error</name><uri>http://www.blogger.com/profile/11165986954710659008</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry></feed>
