Hi readers
when you create a fan page on facebook, it is possible to inject malicious code in the name of the group.
the code is executed when you want to delete or stop following a fan page.
1. Creating a fan page with malicious script: http://img192.imageshack.us/si.php?img=creaciondelapagina.jpg
2. The page was created: http://img63.imageshack.us/si.php?img=paginacreada.jpg
3. fan page before to be deleted: http://img29.imageshack.us/si.php?img=eliminacion1.jpg
4. XSS on Facebook : http://img63.imageshack.us/si.php?img=eliminacion2.jpg
this vulnerability will allow malicious users to steal session or execute malicious scripts XSS, also may be used for phishing.
Att: c7b3r
http://www.colombiaunderground.org