Posted by Unknown
12:26 PM
Facebook Internal IP Disclosure and Session Hijacking Vulnerability
Do you know what an internal or private IP address is, especially one
assigned inside a multinational company? Today we are going to discuss
internal (private) IP address disclosure.
Can disclosure of an internal IP like 192.168.*.* or 172.16.*.*
really have an impact? Most security researchers call it a "bullshit"
vulnerability. But when it comes to calculating impact, even if the
server is behind a firewall or NAT, an attacker can see the internal IP of
the remote host, and this may be used in further attacks.
Internet giants like Facebook, Google and PayPal, and serious national
security organizations like the FBI, the Pentagon and NASA, are taking
initiatives on their security issues. At the same time, we at 'The Hacker News'
stand together with organizations that talk about national security in a
serious way.
I guess it's time to understand these flaws
and their impact, so I would like to share my findings about our
Internet giants and organizations.
Facebook - Internal IPv4 Address and Session Cookie Disclosure
Facebook spent $8.5 million to buy fb.com. According to many reports
available on the internet, "fb.com is for Facebook Internal Use
Only".
URL - http://newsroom.fb.com/v/?id=467&skip=False
Internal IP : 192.168.149.88
Session Cookie : Session cookie generation probably depends on the administration from their admin panel located at http://newsroom.fb.com/admin/login.aspx?RefUrl=%2Fadmin%2Fdefault.aspx
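
A defender-side check for the disclosure class described in this post, as an added example that is not part of the original post: it scans an HTTP response's headers and body for RFC 1918 addresses (which include the 192.168.*.* and 172.16.*.* forms above). The function names and the sample response are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; 172.16.0.0/12 covers 172.16.*.* through 172.31.*.* only.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quads that are not part of a longer dotted number such as a
# version string ("10.0.0.1.2"); a trailing sentence period is tolerated.
CANDIDATE = re.compile(r"(?<!\d)(?<!\d\.)(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")


def find_internal_ips(text):
    """Return the sorted, de-duplicated RFC 1918 addresses found in text."""
    found = set()
    for match in CANDIDATE.finditer(text):
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ValueError:  # e.g. an octet above 255
            continue
        if any(addr in net for net in RFC1918):
            found.add(str(addr))
    return sorted(found)


def scan_response(headers, body):
    """Return (location, address) pairs for one response's headers and body."""
    findings = []
    for name, value in headers.items():
        findings += [("header:" + name, ip) for ip in find_internal_ips(value)]
    findings += [("body", ip) for ip in find_internal_ips(body)]
    return findings


# Constructed sample response, not captured from any real site.
SAMPLE_HEADERS = {
    "Server": "ExampleHTTPd/10.0.0.1.2",           # version string, not an address
    "Location": "http://10.20.30.40/admin/login",  # redirect built from a backend address
    "X-Cache": "MISS from 172.32.0.9",             # public: outside 172.16.0.0/12
}
SAMPLE_BODY = ("<!-- rendered by node 192.168.0.10. -->"
               "<p>Error connecting to 172.16.5.4:1433</p>")

if __name__ == "__main__":
    for where, ip in scan_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{where}: internal address {ip} exposed")
```

Run against responses from your own services (for example in a CI smoke test or at the reverse proxy) so that a leaked backend address is caught before the response leaves the perimeter.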