Facebook Homepage Source Code Probably Leaked

Sun, 12 Aug 2007 08:13:28 GMT
by pdp

It seams that Facebook's Homepage Source code was leaked. This is yet to be confirmed by Facebook themselves so do not take it for real.

I've spent a couple of minutes reading the single PHP file and there is nothing wrong with it that is obvious to me at this stage, apart from the fact it gives us a pretty good idea how the software is structured and where to find interesting libraries and other components of the Facebook application. If you find anything interesting please send it to us privately or I would suggest to contact the Facebook straightaway.

    [source code taken down, let's be nice]!

Archived Comments

Hello, Today, I read about the alleged source code leak at Facebook Secrets http://facebooksecrets.blogspot.com/ where the actual code was posted... The code is composed of numerous API calls, I don't know if the actual code of the various PHP include files was also leaked. Couple of days ago while browsing facebook I got an error that revealed where the actual code is stored /home/... I believe this violates an important security rule "Secure failure". Unfortunately many web applications on the web still suffer from an insecure failure. Just a thought :)
Prepare for cease and desist...
you dont think this could be considered proprietary source code you're posting?
bpzp, actually I don't know. If this is the case I will be happy to take it down. However, it could as well be a joke which is interesting to be noted. This is why the title of this post is Facebook Homepage Source Code Probably Leaked.
update: seams to be real. the source code was taken down.
Well actually, the source code is still posted http://facebooksecrets.blogspot.com/
Hope hackers play it nice too :)
Site facebooksecrets.blogspot.com was shut down by Google. But there are places in the Web, where you can find this source code :-) (like here: www.mediafire.com/?ddjj9bntdzz). Yes, there are many web sites (and web applications) in the Internet which suffer from an insecure failure. And security researchers and visitors can find such holes during visiting of the sites or via Google hacking. pdp and guys, you can look at my article "Warning" Google hacking http://websecurity.com.ua/1278/ (about dorks developed by me). Where I describe a lot of "warning" search queries (dorks) which let you find Full path disclosure and Information disclosure vulnerabilities at a lot of sites.