Leading websites are prone to being attacked – and Facebook is no exception. Just a few weeks back we had read that a zero-day vulnerability was found on Facebook, which allowed a hacker to login to anyone’s Facebook account without a password. This was subsequently patched.
News now comes that a Facebook subdomain is vulnerable to SQL injection.
Ur0b0r0x, a member of the Inj3ct0r Team, who describes himself as a “Penetration Testing security Offensive Security Exploit Coding Independent Security Researcher”, tweeted and claimed that had found a vulnerability in m.fbjs.facebook.com – that made it vulnerable to SQL injection.
Ur0b0r0x has also uploaded a screenshot of the working hack, but not disclosed any other information about the vulnerability.
If the claim is indeed true, one can only hope that Facebook is able to patch the vulnerability soonest. Meanwhile it will do no harm to have a look at some tips to secure your Facebook account.