Thursday, September 6, 2012 Pwning Facebook's OAuth 2.0 through URL hash tricks Introduction: what's OAuth and so forth I'll describe here several flaws in Facebook's authentication with OAuth and how I was able to exploit them for getting access to victim's account on a site, which uses Facebook authentication. Facebook security team quickly responded and rolled out a fix for this issue shortly a