in Check It Out, Meddling, MT.Net

Facebook Connect vulnerability

I just checked out my Apache logs and found this interesting entry:

95.76.161.199 – – [22/Oct/2012:13:21:25 -0400] “GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(0x6730306431),7,8,9,10,11,12– HTTP/1.1” 403 5043 “-” “Mozilla/3.0 (windows)”

It appears to be an exploit attempt against the Facebook Connect plugin.

Here’s a webpagethat shows how it works.

There are quite a few websites potentially vulnerable to this exploit. While it doesn’t appear to make Facebook itself vulnerable, it does compromise any WordPress blogs which use this plugin.