The famous Mauritania Attacker of AnonGhost team has claimed to hack the official domain of Facebook Developers (developers.facebook.com).
Mauritania Attacker contacted me via email explained that he found a Text Load Injection vulnerability on the official Facebook Developers domain, which allows anyone to injected text from ixData that is an indexable data type.
The hacker provided me the link where he injected the data, which at that time was displaying the following message:
for (;;);{"__ar":1,"payload":{"redirect":"\/MAURITANIA ATTACKER WAS HERE&__a=\/"},"bootloadable":{},"ixData":[]}The targeted link is: https://developers.facebook.com/MAURITANIA%20ATTACKER%20WAS%20HERE&__a=
Zone-h Mirror of the hack is available here: http://zone-h.org/mirror/id/19711340
Readers will be updated on this vulnerability accordingly.
