Facebook Attach EXE Vulnerability

As if Facebook didn’t have enough issues, a new vulnerability was recently reported. Facebook normally blocks users from uploading .exe files. However, by simply modifying the POST request, any type of file can be uploaded, including potentially malicious .exe files.

Facebook has known about this vulnerability for a month, but still hasn’t done anything about it.
Source: http://www.securitypentest.com/2011/10/facebook-attach-exe-vulnerability.html


2 thoughts on “Facebook Attach EXE Vulnerability

  1. I can’t comprehend why if companies know they have a problem why won’t they just fix it. Eventually these vulnerabilities will start to pile up and Facebook wont have enough power to fix the old vulnerabilities on top of the new ones that are created everyday.

Comments are closed.