Hacker Installed a Secret Backdoor On Facebook Server to Steal Passwords

How to Hack Facebook?

That’s the most commonly asked question of this decade.

It’s a hacker’s dream to hack the Facebook website, whether to earn a bug bounty or for some malicious purpose.

Facebook's security team recently found that someone, probably a blackhat hacker with malicious intent, had breached its server and installed a backdoor configured to steal Facebook employees' login credentials.

Since the backdoor was discovered on Facebook’s corporate server, not on its main server, Facebook user accounts are not affected by this incident.

The company, however, would never have known about the backdoor if a whitehat hacker had not spotted the backdoor script while hunting for vulnerabilities.

Security researcher Orange Tsai of Taiwanese security vendor Devco accidentally came across a backdoor script on one of Facebook’s corporate servers while hunting for bugs to earn a cash reward from Facebook.

Tsai scanned Facebook's IP address space, which led him to the files.fb.com domain. The domain was hosting a vulnerable version of the Secure File Transfer application (FTA) made by Accellion, which Facebook employees used for file sharing and collaboration.

Tsai analyzed the vulnerable FTA and discovered seven security flaws as he explained in his blog post:

  • 3 Cross-site scripting (XSS) flaws,
  • 2 Remote code execution flaws,
  • 2 Local privilege escalation issues.

The researcher then used the vulnerabilities he found in the Accellion Secure FTA and gained access to Facebook's server.

After successfully achieving his goal, Tsai started analyzing the log information available on Facebook’s server to prepare his bug report, and that is exactly when he spotted a PHP-based backdoor, popularly known as a PHP web shell, that had possibly been installed on the server by a malicious hacker.

Tsai then reported all of his findings to the Facebook security team, which rewarded him with $10,000 (€8,850) for his efforts and started its own forensics investigation that was completed this month, allowing the researcher to disclose the vulnerabilities responsibly.