Posted by : Unknown Thursday, 23 January 2014

Facebook Rewards Reginaldo Silva $33k for remote code execution vulnerability.
Reginaldo Silva, a Brazilian computer engineer, discovered a bug that would eventually earn him rewards from Google and Facebook. The bug, an XML External Entity Expansion (XXE), can easily be targeted at domains that offer OpenID authentication, and many popular websites use OpenID authentication. According to Silva, many OpenID implementations are at present still vulnerable to this XXE bug.


To exploit this vulnerability, an attacker specifies a URI to be stored in an entity's system identifier and then references that entity to retrieve the data it points to. The XML processor can usually be configured not to load external entities; otherwise it can be forced to make arbitrary internal connections, which already lets an attacker abuse Facebook's bandwidth for harmful DDoS attacks, and it also gives access to the local file system, which can lead to serious harm.
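As an added example (not code from the original post or from Silva's write-up), the following shows the defender's side of the paragraph above: a relying party parsing an untrusted OpenID discovery document (XRDS is XML, which is why this class of bug reaches OpenID at all) with an expat parser configured to refuse any DOCTYPE or entity declaration, so neither the local-file read nor the internal-connection behaviour described above is possible. The XRDS documents, the `file:///constructed/...` URI and the element handling are constructed for the example; the handler names are real `xml.parsers.expat` attributes.

```python
"""Hardened parsing of untrusted XML such as an OpenID/XRDS discovery document.

Added example, not part of the original post. Assumes a relying party that has
fetched a discovery document and only needs the <URI> elements from it.
Everything runs offline on the constructed documents at the bottom.
"""
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when an untrusted document carries DTD or entity constructs."""


def parse_service_uris(xml_bytes: bytes) -> list:
    """Return the text of every <URI> element, refusing any DTD outright.

    An XXE payload needs a DOCTYPE to declare its entity. Rejecting the
    DOCTYPE itself (instead of selectively disabling entity resolution)
    removes both the file-read and the internal-connection (SSRF) paths.
    """
    parser = xml.parsers.expat.ParserCreate()
    # Never resolve parameter entities (they can pull in an external DTD).
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE {name!r} not allowed in untrusted XML")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError(f"entity declaration {name!r} not allowed")

    def reject_external_ref(context, base, sysid, pubid):
        # Defence in depth: even if a DOCTYPE slipped through, never fetch.
        raise UnsafeXMLError(f"external entity reference to {sysid!r} blocked")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external_ref

    uris, stack, buf = [], [], []

    def start(name, attrs):
        stack.append(name)
        buf.clear()

    def chars(data):
        # expat may deliver text in several chunks; collect them all.
        if stack and stack[-1] == "URI":
            buf.append(data)

    def end(name):
        if name == "URI":
            uris.append("".join(buf).strip())
        stack.pop()

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(xml_bytes, True)
    return uris


def classify(xml_bytes: bytes) -> str:
    """Return 'ok', 'rejected: ...' or 'malformed: ...' for logging the decision."""
    try:
        parse_service_uris(xml_bytes)
        return "ok"
    except UnsafeXMLError as exc:
        return f"rejected: {exc}"
    except xml.parsers.expat.ExpatError as exc:
        return f"malformed: {exc}"


# Constructed discovery document for an imaginary provider.
BENIGN_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://openid.example.net/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

# Constructed document of the shape the post describes: a DOCTYPE declaring an
# entity whose system identifier is a URI, then a reference to that entity.
# The path is a placeholder; the parser rejects the DOCTYPE before reading it.
XXE_XRDS = b"""<?xml version="1.0"?>
<!DOCTYPE xrds [ <!ENTITY xxe SYSTEM "file:///constructed/placeholder/path"> ]>
<xrds:XRDS xmlns:xrds="xri://$xrds">
  <XRD><Service><URI>&xxe;</URI></Service></XRD>
</xrds:XRDS>"""

if __name__ == "__main__":
    print("benign:", classify(BENIGN_XRDS), parse_service_uris(BENIGN_XRDS))
    print("xxe   :", classify(XXE_XRDS))
```

The handlers raise as soon as expat reports the DOCTYPE, so the entity's URI is never opened; a production service would log the `rejected:` decision together with the identifier that served the document, since a discovery URL that carries a DTD is a signal worth alerting on.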
 
Facebook confirmed the report, and a fix was deployed across Facebook's entire network. Knowing that the bug could have been escalated to a remote code execution issue, the social networking giant rewarded Silva according to the severity of the bug, offering him $33,500 USD. To date, the sum paid to Silva is Facebook's largest bug bounty payout.
Check out his blog for full details.
