Facebook URL Redirection Vulnerability
This endpoint contains a specialized parameter that limits its usage to a small number of computers and users, preventing it from being used as a completely open redirect. For more detailed background information, please see this note by one of the engineers on the product: http://www.facebook.com/notes/facebook-security/link-shim-protecting-the-people-who-use-facebook-from-malicious-urls/10150492832835766
Facebook Open Redirect Vulnerability
Affected Application : Main Website
Severity : Medium
Local/Remote : Remote
Vulnerable url : http://facebook.com/l.php?u=http://rafayhackingarticles.net&sugexp=chrome,mod=9
Discovered by: Rafay Baloch - [rafaybaloch(at)gmail(dot)com]
Due to a parameter filtering weakness any supplied input is accepted; as result redirects a user to the parameter value without any validation.
Note: This vulnerability works for only few users, It won't work for every one.
Upadate: If the URL mentioned above does not work, kindly try the following: