|
|
|
|
|
|
by rshao
6651 days ago
|
|
|
This isn't a facebook hack at all. It's a Moods application hack. Really, it's the application programmer's fault for not checking if the auth_token received corresponds to the fb_sig_user. James Hong's Pets application used to have the same problem, where you could sell other people's items to make money for your own pet. He just needed to validate his inputs... And so do most amateurs web programmers. Facebook is pretty secure. Its apps vary. |
|
|