Another SQL injection flaw on Facebook.com, this time on apps.facebook.com
Last time, the bug was exploited by a Romanian group called HackersBlog.
See more details at: Facebook hacked – sql injection
I have tried to contact the staff, but since no one responds to my emails I decided to make this issue public.
So now let's see some screenshots:
This bug allows a potential attacker to easily execute SQL queries directly against the database by manipulating the URL. I hope that someone will take care of it soon.
See also Researcher Launches Facebook Bug Project For September