Facebook is the largest social network in the world and have number- 2 Alexa rank. Since 2004 when Facebook was launched it is the number one target for hackers. Facebook hacking is the most searchable term on Google. Recently Facebook hires world leading security experts to secure their website. Moreover facebook also pays 500$ to any one who can identify any sort of vulnerability inside Facebook.
Facebook team has done a wonderful job now it is really hard to get into the Facebook. They increase the security of the system and remove all the social engineering holes. However, the problem is that Facebook applications are not coded or monitored by facebook, and it’s also not possible that facebook to monitor every single app for vulnerabilities. These facebook apps are mostly coded by common programmers who are not well aware of how a code is written securely. Which leaves facebook apps poured with common vulnerabilities like XSS ( CROSS SITE SCRIPTING), Clickjacking, Remote file inclusion etc. Out of all of these web application vulnerabilities, Remote file inclusion is a very common web application attack which occurs because the application is not able to validate included files. According to imperva, 21% of the apps on facebook are vulnerable to remote file inclusion attack.
Here’s how facebook hacking take place
The attacker creates a malicious jpg file, because the upload of PHP is mostly banned on webservers with user level privileges. Therefore the hacker renames a PHP shell to some thing like shell.php.jpg in order to upload it to the webserver.
Next the hacker exploits RFI vulnerability in order to reference malicious JPG, which paramtere is something like.
.php?page=url of your malicious image
Next the attacker takes control of the server by just going to the url of the JPG image.
Imperva suggests a four step mitigation process which can be found inside the image below, However it includes the deployment of web application firewall, but what if some one is not using a WAF, However will he be protected.
This is how facebook hacking take place.