9:54 AM FBML Injection on Facebook Stream Attachments | |
As you might already know, on Facebook, we can insert some certain media attachment like image, video/flash or mp3 audio through our own application. The attachment is an array of structured data that defines the post. To understand how to post what kind of attachment we would like to post, we need to understand about Facebook Stream Attachments. You can read more about the detail on their page. Here, we are discussing the issue on one of its parameters named "name”.
You can use this Stream Attachments through : As i said above before, here we’re gonna try to use the ‘name’ parameter on the attachment to add an FBML Injection to our post. This trick found by some of our brothers and sisters on balikita, inspired by a tag button then Roy Castillo use fb:lives-tream, then tweaked more by some other forum members. Let’s assume that you have already known about how to insert the attachment, you can insert some FBML codes inside the parameter like :
You can try to insert those FBML tag using our Facebook Bold Text, simply put those FBML codes inside the ‘Message’ Box, there’s also a preview button. You can find more about FBML tag on this page : http://developers.facebook.com/docs/reference/fbml/ try it, who knows you will find another way to insert XSS vector using this trick
Happy tweaking | |
Total comments: 0 | |