Facebook Homepage Source Code Probably Leaked

It seams that Facebook’s Homepage Source code was leaked. This is yet to be confirmed by Facebook themselves so do not take it for real.

I’ve spend a couple of moments reading the single PHP file and there is nothing wrong with it that is obvious to me at this stage, apart from the fact it gives us a pretty good idea how the software is structured and where to find interesting libraries and other components of the Facebook application. If you find anything interesting please send it to us privately or I would suggest to contact the Facebook straightaway.

[source code taken down, let's be nice]!

Comments

seajay responds:

Hello,

Today, I read about the alleged source code leak at Facebook Secrets http://facebooksecrets.blogspot.com/ where the actual code was posted…

The code is composed of numerous API calls, I don’t know if the actual code of the various PHP include files was also leaked. Couple of days ago while browsing facebook I got an error that revealed where the actual code is stored /home/… I believe this violates an important security rule “Secure failure”. Unfortunately many web applications on the web still suffer from an insecure failure.

Just a thought :)

chris responds:

Prepare for cease and desist…

bpzp responds:

you dont think this could be considered proprietary source code you’re posting?

pdp responds:

bpzp, actually I don’t know. If this is the case I will be happy to take it down. However, it could as well be a joke which is interesting to be noted. This is why the title of this post is Facebook Homepage Source Code Probably Leaked.

pdp responds:

update: seams to be real. the source code was taken down.

seajay responds:

Well actually, the source code is still posted http://facebooksecrets.blogspot.com/

pdp responds:

seajay, I know, however it is always good to play nice, after all the source code is Facebook’s property and therefore should not be redistributed.

seajay responds:

Hope hackers play it nice too :)

MustLive responds:

Site facebooksecrets.blogspot.com was shut down by Google. But there are places in the Web, where you can find this source code :-) (like here: http://www.mediafire.com/?ddjj9bntdzz).

Yes, there are many web sites (and web applications) in the Internet which suffer from an insecure failure. And security researchers and visitors can find such holes during visiting of the sites or via Google hacking.

pdp and guys, you can look at my article “Warning” Google hacking http://websecurity.com.ua/1278/ (about dorks developed by me). Where I describe a lot of “warning” search queries (dorks) which let you find Full path disclosure and Information disclosure vulnerabilities at a lot of sites.

GNUCITIZEN Products

Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.

Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.

Websecurify is a division of GNUCITIZEN. The initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta.

Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.

Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.

Visit the GNUCITIZEN Network for a complete listing of all GNUCITIZEN initiatives, products and partnering organizations.

GNUCITIZEN

Navigation