	Got 5min?
	Log In/ Join Now

How to videos>Tech>Web

Facebook Loophole: i-frames

This "Facebook Loophole: i-frames" video requires the latest version of Adobe Flash Player.
Download Flash

Get Flash

Send

Favorite

Mobile

Flag

Send it to your Mobile for Free

Country

Phone Number

Please Allow Few Minutes for SMS to Arrive

Comment on

'Facebook Loophole: i-frames' video

Your Name:

Email (optional):

Are you human?

By:

Guest

1 month ago

fuck yea...

Reply to this Comment

By:

Guest

5 months ago

Reply to this Comment

By:

hany

5 months ago

www eg

Reply to this Comment

By:

Guest

7 months ago

-2

ur gay

Reply to this Comment

By:

Guest

8 months ago

all these tutorials suk ballllz, why you ask? I CANT SEE A FUC**** THING!!!!!!!!!!!!!!! !!!!!!!

View 1 reply

Reply to this Comment

By:

Guest

8 months ago

-1

i love you, whoever you are lol this is the shit, thanks so much.

Reply to this Comment

By:

dtc

9 months ago

-1

I'm guessing this this done with something like Greasemonkey? As far as I know, third party apps cant display iframes on the profile pages.

Reply to this Comment

By:

carolina

9 months ago

-3

I do not knwo how to do this. I am pregnant and engaged and have vey bad suspicions. Could you help me. I will pay you. This effects the rest of my life. Please I implore you as a woman to another woman. I think my fiance has other relationships going on. I beg of you. I would not do this for no reason. I have just cause. Please help me. Carolina. I hide nothing. I gave you my e-mail and my real name.

View 1 reply

Reply to this Comment

By:

Guest

10 months ago

-3

Couldn't you just make it a three minuter by writing it down? Stupid youtube.

Reply to this Comment

By:

RangerFox

10 months ago

-2

Cool stuff

Reply to this Comment

123

No text or picture Add-ons were added yet. How sad!

No Links were listed yet. Go ahead and share!

Myspace Friends Adder Tutorial

How to add hundreds of friends to your myspace acount

http://www.5min.com/Video/Myspace-Friends-Adder-Tutorial-2503

WYSIWYG or Not to WYSIWYG using Dreamweaver

WYSIWYG stands for What You See Is What You Get. In terms of web design it means a program that you can use to generate code for the web, in this video we talk about the advantages and disadvantages of using a WYSIWYG editor. Distributed by Tubemog

http://www.5min.com/Video/WYSIWYG-or-Not-to-WYSIWYG-using-Dreamweaver-28091201

How to do a Google search

Tips for a better google search

http://www.5min.com/Video/How-to-do-a-Google-search-1262

How to Encrypt emails using Voltage Security Network

Learn how to use VSN, a plug-in for Outlook/Outlook Express that makes for sending and receiving encrypted emails literally a snap. There is a Web portal for users outside the enterprise, and a secure file transfer application add-on to Windows Explorer as well. http://voltage.com/products/vsn.htm

http://www.5min.com/Video/How-to-Encrypt-emails-using-Voltage-Security-Network-39136316

Protect Your Web Browsing Using Secure Computing Web Protection Service

Learn how to use Secure Computing&apos;s Secure Web Protection service offers a proxy server to protect both malware and not-worksafe Web sites. It is a simple and unbotrusiveway to protect your browsing. It isn&apos;t useful for protecting Web servers from inbound attacks, for example, and shouldn&apos;t substitute for a fully-featured intrusion appliance, but it can protect individuals and small networks especially with a lot of home-based and remote office users.

http://www.5min.com/Video/Protect-Your-Web-Browsing-Using-Secure-Computing-Web-Protection-Service-42879669

How to Use Social Profiles Facebook App

Learn how to display links to all your social bookmark profile sites on your Facebook profile page using the TagK Social Site Links Application.

http://www.5min.com/Video/How-to-Use-Social-Profiles-Facebook-App-18629464

101 blogging ,how to blog part 1

www.bloggersmosaic.com this is my opinion you can agree disagree or add your opinion

http://www.5min.com/Video/101-blogging-how-to-blog-part-1-19033503

Facebook: What They Really Have On You

Learn how facebook may be using you and your information against you.

http://www.5min.com/Video/Facebook-What-They-Really-Have-On-You-6650212

How to Copy and Paste HTML into FrontPage

. Watch and learn how to copy and paste HTML text into Front Page, and other applications without errors, such as &amp;amp;gt instead of &amp;gt;

http://www.5min.com/Video/How-to-Copy-and-Paste-HTML-into-FrontPage-11451

Google Search Hacks

These are productivity hacks to help increase the efficiency of your Google searches.

http://www.5min.com/Video/Google-Search-Hacks-35861844

In this video, I demonstrate a facebook cross side scripting vulnerability being taking advantage of.

So right now, I am in Safari, log into my fake account viewing my fake account’s profile. Scroll down to the bottom; you can see the last post was made by a guy named Andrew. And also, I currently only have 1 friend, also name Andrew.

I am going to go to Firefox now. The exploit is setup to working Firefox and now, it is in Safari. Logging into my real account now, viewing my fake account’s profile. As you can see, style sheet is being placed over the facebook 1 and also, 2 ivories had been injected.

And that is how by frame, friend request was sense by the viewer without my approval to my fake account and now in that fake account, I am going to accept that friend request.

Once I have accepted the friend request, the little chicken playing in the 2nd I frame will work but, 2nd I frame just dreads on the wall. But, you can write on the wall until you have been friends to someone.

So, I am going to refresh now to make the viewer write on the wall and as you can see, the style sheet is not applied immediately because it is been injected after the facebook style sheets have most uploaded. And, that is how by frame, nothing is really going to happen because we are already friends. But in the bottom one, I have now just re in to my fake account’s wall.

Because I am not calling the Ajax, if you scroll to the bottom, does not appear, viewers does not know anything’s happened. So, in order to see the results, we are going to have to refresh.

Once you refresh, you can scroll down to the bottom and what will see is that I have now just written on the wall without actually doing anything.

You are probably saying cute right? But, it is just wall post. Why is it matter?

Actually, this script can do anything the viewer can do. Facebook uses hidden form ideas to keep attackers from submitting forms on the behalf of the unwanting users. However, once mucous code is imbedded in the site, that form ID can be access by the attacker. It is after can inject I frames, much like I did.

I made the I frames visible for the sake of demonstration, but they can be made invisible so the viewer has no idea that this is happening.

Those frames commence submit forms and then occasion credentials of the user. The attacker can issue friend request, make well post and turn off privacy settings all well impersonating the viewer.

The code can also interestingly and stuff third party facebook applications to the viewer’s account to try to spread.

Transcription by: Scribe4you Transcription Services