Goldshlager described the vulnerability, which he named the “UnFix Bug” in a blog post on Wednesday (http://www.breaksec.com/?p=6039). He also provided details of the hole to the online publication TechCrunch, which wrote about it, and declared the problem 'fixed' and Goldshlager a "hero."(http://techcrunch.com/2013/04/03/goldschlager-saves-the-day/) )...which is true — for the _two_ redirection vulnerabilities at Skype.com and Dropbox.com that Goldshlager used in his proof of concept.
The problem is that similar redirect flaws exist in many domains linked to Facebook applications. Any of those could be used to steal Facebook users’ credentials, Goldshlager explained. “This is a design flaw in Facebook OAuth,” he wrote. “Most
Popular application publishers like Zynga are a natural target, given their prevalence on Facebook accounts and their large web presence. Redirect holes in Zynga.com or any of its subdomains could be used, in conjunction with any Zynga application, to steal user credentials. Even Skype and Dropbox could still be vulnerable, Goldshlager wrote, provided an attacker can find a site redirection hole somewhere on Skype.com, dropbox.com or any of their subdomains.
The Security Ledger has the full story.(http://securityledger.com/that-facebook-account-hijack-vulnerability-is-still-dangerous-heres-why/)
Link to Original Source