Fixed a vulnerability with signed requests #57

Merged
merged 1 commit into from Jan 15, 2013


@kilotaras

See the next scenario.

1) Alice is logged into Facebook
2) Alice visits example.com/with_js_sdk.php (our PHP SDK example endpoint). The SDK will write her signed_request, user_id, and access_token to a session cookie.
3) Alice is then tricked into visiting example.com/with_js_sdk.php?signed_request={Bob's signed request}. The SDK will then set the user_id to Bob, while keeping Alice's access_token in persistent storage.
4) If example.com has another endpoint that authenticates based on getUser(), Bob now has access to data returned by Alice's access_token.

This fixes it.
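The following is an added example, not code from facebook-php-sdk or from this pull request. It models the four-step scenario above with a plain array standing in for the SDK's persistent storage, verifies a `signed_request` before trusting its `user_id`, and places the behaviour described in the PR beside the mitigation that clears the previous user's data when the signed request names a different user (the mitigation shape is my reconstruction, not the merged commit's exact code). The function names, `$appSecret`, and the sample ids and tokens are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the SDK's code. A plain array models the SDK's persistent storage;
// function names, $appSecret and the sample user ids/tokens are constructed for illustration.

function base64UrlEncode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function base64UrlDecode(string $encoded): string
{
    return base64_decode(strtr($encoded, '-_', '+/'), false) ?: '';
}

// Parse a "<sig>.<payload>" signed_request and verify its HMAC-SHA256 over the raw payload.
// Returns the decoded payload on success, null for malformed or forged input.
function parseSignedRequest(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $payload] = $parts;
    $data = json_decode(base64UrlDecode($payload), true);
    if (!is_array($data) || ($data['algorithm'] ?? '') !== 'HMAC-SHA256') {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, $appSecret, true);
    if (!hash_equals($expected, base64UrlDecode($encodedSig))) { // constant-time comparison
        return null;
    }
    return $data;
}

// Behaviour described in the PR: user_id is overwritten, the stored access_token is kept.
function resolveUserVulnerable(array &$session, array $payload): ?string
{
    if (isset($payload['user_id'])) {
        $session['user_id'] = (string) $payload['user_id'];
    }
    return $session['user_id'] ?? null;
}

// Mitigation (reconstructed): a signed request naming a different user discards everything
// stored for the previous user, access_token included, before the new user_id is recorded.
function resolveUserFixed(array &$session, array $payload): ?string
{
    if (isset($payload['user_id'])) {
        $incoming = (string) $payload['user_id'];
        if (isset($session['user_id']) && $session['user_id'] !== $incoming) {
            $session = []; // clear all persistent data belonging to the old user
        }
        $session['user_id'] = $incoming;
    }
    return $session['user_id'] ?? null;
}

// Builds a signed_request the way the platform would, for constructed test data only.
function makeSignedRequest(array $payload, string $appSecret): string
{
    $encodedPayload = base64UrlEncode(json_encode($payload));
    $sig = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    return base64UrlEncode($sig) . '.' . $encodedPayload;
}

$appSecret = 'constructed-app-secret';

// Step 2: Alice's session after visiting with_js_sdk.php.
$aliceSession = ['user_id' => 'alice-id', 'access_token' => 'ALICE_TOKEN'];

// Step 3: a signed_request belonging to Bob arrives in Alice's browser session.
$bobPayload = parseSignedRequest(
    makeSignedRequest(['algorithm' => 'HMAC-SHA256', 'user_id' => 'bob-id'], $appSecret),
    $appSecret
);
if ($bobPayload === null) {
    throw new RuntimeException('signature check failed');
}

$vulnerable = $aliceSession;
resolveUserVulnerable($vulnerable, $bobPayload);
// user_id is now Bob's while Alice's token survives: the confusion the PR describes.
printf("vulnerable: user=%s token=%s\n", $vulnerable['user_id'], $vulnerable['access_token'] ?? '(none)');

$fixed = $aliceSession;
resolveUserFixed($fixed, $bobPayload);
// user_id is Bob's and the token is gone, so step 4's data access no longer succeeds.
printf("fixed:      user=%s token=%s\n", $fixed['user_id'], $fixed['access_token'] ?? '(none)');

// A request signed with the wrong secret is rejected before it reaches the session logic.
$tampered = makeSignedRequest(['algorithm' => 'HMAC-SHA256', 'user_id' => 'bob-id'], 'wrong-secret');
var_dump(parseSignedRequest($tampered, $appSecret) === null);
```

Run it with `php example.php`. The signature check alone does not address the issue in the PR, since Bob's signed request is genuinely valid; what closes the hole is refusing to carry one user's access token across a change of `user_id`, which `resolveUserFixed` does by wiping the stored data whenever the identities differ.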

@oyvindkinsey oyvindkinsey merged commit bf99924 into facebookarchive:master Jan 15, 2013
@kilotaras kilotaras deleted the unknown repository branch Jan 15, 2013
@niallkennedy niallkennedy referenced this pull request in facebookarchive/wordpress Jan 29, 2013
Merged

fix a vulnerability with signed requests. facebook-php-sdk #57 #375
