Chris C. Russo, Security expert, has discovered critical vulnerability in the Facebook Chat module that allows an attacker to launch Denial of Service (DOS) attack against any Facebook users.
He discovered a security flaw on 'www.facebook.com/ajax/mercury/send_messages.php' specifically in the parameter 'message_batch[0][body]'. It doesn't have any kind of limit in the amount of characters that can be sent.
So, it is possible for attackers to send a long message that results in DOS condition to a remote user. Since Facebook allows to send message to almost every user, it can be launched against any user.
The researcher has tested the flaw with 3 different testing users. One of the users who use tablet said his tablet got restarted and he is not able to access the Facebook app anymore, since the chat log would remain there and it would make the app crash again.
"In order to prevent this, the length of that parameter should be analyzed *before* sending the information to the addressee user by the asynchronous connection." Researcher said.
"Personally I believe that there must be something wrong with XSRF tokens as well, because it would allow me to send several packets using the same token that I initially extracted,however I couldn't this information due the ban prevention mechanism."
The researcher notified the Facebook before 6 weeks but fb team replied that there is no flaw, So he published the details in seclists.
In the past, he has discovered a security flaw in MSN messenger that allows hacker to send huge amount of big packets cause denial of service.
