It also opens doors for phishing attacks.
Homakov said that he had publicly disclosed the vulnerability on in blogpost on26th January, 2014.
Every website with Connect Facebook account and jump in with it is vulnerable to account hijacking.
The tool abuses triple-CSRFs (Cross-Site Request Forgery) vulnerability present in the Facebook login.
This will drive victims to a specified location where they are in fact logged into the Sakurity Facebook account.
From here, the account using the Facebook login belongs to Sakurity.
source: www.techworm.net
