Facebook Security Flaw – Database Table Names Exposed

Ever wondered what mysql table names Facebook use? Well, now you can see thanks to Facebook’s Advertising Platform, which under the right set of circumstances will spit out a lovely (by lovely we mean potentially dangerous) error which reveals a little more than Facebook probably intended:









The error reads:

QueryConnectionException: connection dropped; ‘SELECT `account_id`,`admarket_id`,`friendly_name`,`status`,`channel`,`max_budget`,`funding_type`,`funding_id`,`abtest_id`, `credit_status`,`terms`,`currency`,`vertical_type`,`timezone_id`,vat_status,tier,manager_id FROM `account` WHERE `account_id` IN (7*******) LOCK IN SHARE MODE’

Be Sociable, Share!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>