A remote attacker could rely on the flaws to hijack sessions and even compromise the DBMS

Feb 17, 2012 19:11 GMT  ·  By

Security researchers identified multiple high severity vulnerabilities in the popular Facebook application called NYClubs.

According to Vulnerability Lab, an SQL injection flaw was found in the application. If exploited, the vulnerability allows a remote attacker to inject their own SQL statements, compromising the application, the service, or the database management system.

The second security hole refers to a cross-site scripting (XSS) issue that could allow a hacker to hijack sessions and manipulate client-side application requests with the aid of some social engineering.
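Both flaw classes named in the report come down to untrusted input being placed into an interpreter (SQL or HTML) without separation or encoding. The following added example is not code from the article, from Vulnerability Lab, or from the NYClubs application; it uses a constructed in-memory SQLite table and constructed inputs to show a lookup built by string concatenation next to its parameterized form, and an HTML-encoding helper of the kind that prevents the reflected XSS described above.

```python
import html
import sqlite3

# Constructed sample data for this example (not taken from the article).
SAMPLE_USERS = [
    ("alice", "alice@example.invalid"),
    ("bob", "bob@example.invalid"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Builds the SQL text by concatenation, so the caller's input becomes SQL syntax."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    """Parameterized query: the driver passes the value separately from the SQL text."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_greeting(name):
    """HTML-encode untrusted input before embedding it in a page (XSS mitigation)."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# Constructed inputs: a classic textbook SQL-injection string and a script tag.
INJECTION_INPUT = "x' OR '1'='1"
XSS_INPUT = "<script>alert(1)</script>"


def demo():
    """Run both lookups and the renderer on the constructed inputs and return the results."""
    conn = make_db()
    return {
        # The concatenated query's WHERE clause is always true: every row leaks.
        "vulnerable": lookup_vulnerable(conn, INJECTION_INPUT),
        # The parameterized query looks for a user literally named "x' OR '1'='1": no rows.
        "safe": lookup_safe(conn, INJECTION_INPUT),
        # The script tag is rendered as inert text rather than executed.
        "html": render_greeting(XSS_INPUT),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The difference between the two lookups is not input filtering but where the boundary between code and data is drawn: with a bound parameter the database never parses the value as SQL, which is the same reason output encoding (rather than blacklisting) is the standard fix for the XSS case.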

Since the vulnerable application is an external third-party application sponsored by the Facebook NYClubs Development Team, Vulnerability Lab notified the Facebook Security Team which in turn notified the developer.

Earlier today, the same security experts disclosed a weakness they uncovered in Skype, which allowed a remote attacker to crash a system.