Developers.facebook.com Hacked via Text Load Injection by Mauritania Attacker of AnonGhost

Developers.facebook.com Hacked via Text Load Injection by Mauritania Attacker of AnonGhost

The famous Mauritania Attacker of AnonGhost team has claimed to hack the official domain of Facebook Developers (developers.facebook.com).

Mauritania Attacker contacted me via email explained that he found a Text Load Injection vulnerability on the official Facebook Developers domain, which allows anyone to injected text from ixData that is an indexable data type.

The hacker provided me the link where he injected the data, which at that time was displaying the following message:

for (;;);{"__ar":1,"payload":{"redirect":"\/MAURITANIA ATTACKER WAS HERE&__a=\/"},"bootloadable":{},"ixData":[]}

The targeted link is: https://developers.facebook.com/MAURITANIA%20ATTACKER%20WAS%20HERE&__a=

Zone-h Mirror of the hack is available here: http://zone-h.org/mirror/id/19711340

Readers will be updated on this vulnerability accordingly.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.