Hello, World! ❤️
Welcome to my another blog post. I hope you all are doing well and safe. This post is about the reflected cross-site scripting (rXSS) vulnerabilities I found on Facebook. I suggest you read my previous article before reading this one, which is how I found several SSRFs on Facebook server where a vulnerable third-party business intelligence portal (MicroStrategy Web SDK) was deployed. If you read that article first, then, it will be easier to understand.
This post is about some complex rXSS I found on Facebook that was a little difficult to detect and exploit. As already…
Hello World ❤️,
Facebook is the largest social networking site in the world and one of the most widely used. I have always been interested in testing the security of Facebook. During the sub domain enumeration, I’ve got a sub domain which is “https://m-nexus.thefacebook.com/". It redirects me to “https://m-nexus.thefacebook.com/servlet/mstrWebAdmin" observe below screenshot:
I quickly Google keyword mstrWebAdmin and I observed that this is the Business Intelligence Portal that is built on MicroStrategy’s tools: