> Reported this issue to Facebook team on 03/22/11 and Facebook team > acknowledged this issue on 03/29/11 and fixed this vulnerability.
They still have redirects on apps made by their users, and they don't care http://apps.facebook.com/truthsaboutu/track.php?r=http://www.google.com and if someone falls in basic phishing with facebook domain, he will fall with apps.facebook subdomain too. Btw, linkedin has open redirect too and they couldn't care less about it http://www.linkedin.com/redirect?url=www.google.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
