SwiftSafe
Sep 4, 2018 · 2 min read

A Remote Code Execution Vulnerability Patched by Facebook

Facebook recently disclosed a serious security flaw in one of the company’s servers that allowed remote code execution. Security researcher Daniel Blaklis Le Gall of SCRT Information Security was awarded $5,000 for discovering the bug, which he said he found on one of Facebook’s servers.

How did the researcher find the issue?

While scanning the IP range of Facebook’s servers, the researcher came across a Sentry service, written in Python on the Django framework, that looked vulnerable.

“The application appeared to be unstable regarding the user password reset feature,” the researcher said. “Django debug mode was not turned off, which consequently prints the whole environment when a stack trace occurs. However, Django snips critical data (passwords, secrets, key…).”

Digging deeper, the researcher also found that the service relied on Pickle, a binary protocol used to unserialize Python object structures. Although the secret key itself was not present in the stack trace, Blaklis obtained it from the Sentry list that the debug output exposed.

Where is the vulnerability?

The application used this key for session signing, so once it is compromised it can be used to hijack users’ sessions. The researcher was able to write a script that forged malicious cookies carrying arbitrary Pickle content, including a payload that overrode Sentry’s cookies.
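As an added example, not the researcher’s script or Sentry’s code, the following Python models a Django-style signed session cookie with a JSON serializer in place of Pickle and audits the two settings that combined here. DEBUG and SESSION_SERIALIZER are real Django setting names; the cookie format and helper names are simplified assumptions.

```python
import base64
import hashlib
import hmac
import json

# Simplified model (not Django's own code) of a signed session cookie:
#   cookie = base64(serialized_session) + ":" + hmac_sha256(secret, serialized_session)
# A leaked secret lets anyone produce a valid signature; the serializer then
# decides whether a forged cookie is merely tampered data (JSON) or code (pickle).

def sign_raw(payload: bytes, secret: str) -> str:
    """Attach an HMAC-SHA256 tag to already-serialized session bytes."""
    mac = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + ":" + mac

def sign_session(session: dict, secret: str) -> str:
    """Serialize the session as JSON (never pickle) and sign it."""
    return sign_raw(json.dumps(session, sort_keys=True).encode(), secret)

def load_session(cookie: str, secret: str):
    """Return the session dict, or None if the cookie is malformed, tampered or not JSON."""
    try:
        b64, mac = cookie.rsplit(":", 1)
        payload = base64.urlsafe_b64decode(b64.encode())
    except (ValueError, TypeError):
        return None
    expected = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time tag comparison
        return None
    try:
        # json.loads builds plain data and never instantiates objects or runs code;
        # a pickle blob signed with a stolen key fails here as invalid JSON.
        data = json.loads(payload)
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None
    return data if isinstance(data, dict) else None

def demo_pickle_rejected(secret: str):
    """A pickle blob signed with the real key verifies, yet is refused as non-JSON."""
    import pickle
    blob = pickle.dumps({"user_id": 1})  # constructed, harmless payload
    return load_session(sign_raw(blob, secret), secret)

def audit_settings(settings: dict) -> list:
    """Flag the two conditions that combined in the Sentry incident."""
    findings = []
    if settings.get("DEBUG"):
        findings.append("DEBUG is on: stack traces dump settings and environment")
    if "Pickle" in settings.get("SESSION_SERIALIZER", ""):
        findings.append("SESSION_SERIALIZER uses pickle: a key leak becomes code execution")
    return findings
```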

Rather than cause any harm to the application, the researcher’s payload only introduced a 30-second delay. The attempt succeeded, proving the server vulnerable to attack and showing that user data could have been exposed as a result. He reported his findings on July 30th.

Facebook swiftly took the server down until a patch was available, and Blaklis was awarded $5,000 for his efforts. The company has since patched the vulnerability and restarted the service.

Written by SwiftSafe

SwiftSafe is a Cyber Security Company established by a group of highly motivated technologists and offers Security Consulting, Auditing and Testing Services.
