[Facebook] Bypass Linkshim in Product Checkout

A Page controlled by an attacker could add evil(.)org, or any other link that Facebook's Linkshim would normally block, as a product checkout link.

POC -

The attacker adds a "Shop" button and a "Product" on their Page; both are then submitted to a review performed by Facebook.

After the review passes, they can edit the "Product" and set any link as its "CheckOut" URL, which was not possible before the review.

Any click on the button would then reach that link without passing through Linkshim.
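The review-then-edit gap above, modelled as an added example that is not code from the original post or from Facebook: the vulnerable store validates the checkout URL only when the product is created, while the hardened one invalidates the review on every edit and wraps the rendered link in a shim redirect. The class names, the allowlist and the shim prefix are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import quote, urlsplit

ALLOWED_CHECKOUT_HOSTS = {"shop.example.com"}      # constructed allowlist
SHIM_PREFIX = "https://shim.example/?u="            # constructed stand-in for Linkshim


def checkout_url_allowed(url: str) -> bool:
    """Policy check a reviewer (or automated filter) applies to a checkout link."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_CHECKOUT_HOSTS


@dataclass
class Product:
    checkout_url: str
    reviewed: bool = False


class VulnerableStore:
    """Review gates creation only; later edits are neither re-checked nor shimmed."""

    def create(self, url: str) -> Product:
        if not checkout_url_allowed(url):
            raise ValueError("checkout URL rejected at review")
        return Product(url, reviewed=True)          # reviewer approved this URL

    def edit(self, product: Product, url: str) -> None:
        product.checkout_url = url                  # bug: review status untouched

    def render_button(self, product: Product):
        return product.checkout_url                 # raw link, no shim trail


class HardenedStore(VulnerableStore):
    """Any change to the reviewed field voids the review; output always goes via the shim."""

    def edit(self, product: Product, url: str) -> None:
        product.checkout_url = url
        product.reviewed = False                    # must pass review again

    def render_button(self, product: Product):
        if not product.reviewed or not checkout_url_allowed(product.checkout_url):
            return None                             # button hidden until re-reviewed
        return SHIM_PREFIX + quote(product.checkout_url, safe="")
```

Re-validating at render time as well as at edit time means a stale approval cannot be reused even if the edit path is reached through another API.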

Timeline -

Reported - Monday, February 4, 2019

Triaged - Thursday, February 7, 2019

Rewarded - Tuesday, May 7, 2019

Fixed - Wednesday, May 15, 2019
