Originally Posted by SpOonWiZaRd
First off, I wasn't talking to the admin, as I have great respect for shabbir. Secondly, a buffer overflow, or smashing the stack, causes a program to crash or operate incorrectly; the aim is then to inject executable code into the running program and then to try and take control of the process. It is a very old method, but it still works on some systems. All I meant by that is to try that with the Facebook server, which is very dangerous in my eyes, as you are very likely to get caught. I hope you understand me now?
The aim isn't to inject executable code into the program. It's to overwrite a pointer/return address on the runtime stack so that it points to the memory address where your instructions are stored, so when the program pops its last method/function off the stack, it returns to your instructions and executes them instead of returning to where the method was called from.
Most buffer overflows are used for local privilege escalation, but every now and then they can be exploited remotely on web applications (like what you're talking about) or other connected programs (like P2P clients or internet browsers). They mostly work on programs that were coded in C/C++.
You don't try them on servers themselves. You look for them in the applications/OSes the servers are running. Finding a site that uses a web application that is vulnerable to a buffer overflow is pretty rare, so if you meant hack Facebook by a buffer overflow in a web application, you can pretty much forget about it. They'll have all their applications updated. If you meant root their server with a buffer overflow, that's more possible, but incredibly stupid to try without taking many precautions first, and not worth the trouble just to see who viewed your profile.
The best way to hack a social networking site is by using xss/js injections in vectors they haven't thought to filter or social engineer/keylog an admin.
@indiansword, I remember hearing about that. If I'm correct, it was not even a matter of days before it was fixed, but several hundred thousand accounts were still compromised because of it. I wonder how long it would have gone undetected if whoever found it hadn't made it so obvious.
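The bug class the reply describes, a fixed-size stack buffer filled by an unchecked copy so that whatever sits next to it (saved pointers, the return address) gets overwritten, comes down to one missing length check. The following is an added example, not code from the thread or from any project mentioned in it: a vulnerable C pattern beside its bounds-checked replacement. The buffer size, function names and sample inputs are constructed for illustration.

```c
/* Added example: unchecked copy into a stack buffer vs. a bounded copy.
 * All names and sizes here are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed buffer size, including the terminating NUL */

/* Vulnerable pattern: strcpy() copies the entire source no matter how large
 * the destination is. Any input of NAME_LEN or more bytes runs past 'name'
 * into adjacent stack memory, which is the stack smash the post describes.
 * Kept only for comparison; must never receive untrusted input. */
void greet_unchecked(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);            /* no length check at all */
    printf("hello, %s\n", name);
}

/* Hardened form: find the terminator within the buffer size first; if it is
 * not there, the input cannot fit and is refused outright. Otherwise copy
 * exactly the bytes that fit and terminate explicitly.
 * Returns 0 on success, -1 when the input was rejected. */
int greet_checked(const char *input) {
    char name[NAME_LEN];
    /* memchr() stops scanning after NAME_LEN bytes, so an unterminated or
     * oversized input can never make this function read or write too far. */
    const char *nul = memchr(input, '\0', NAME_LEN);
    if (nul == NULL) {
        return -1;                  /* needs NAME_LEN or more bytes: would not fit */
    }
    size_t len = (size_t)(nul - input);
    memcpy(name, input, len);
    name[len] = '\0';
    printf("hello, %s\n", name);
    return 0;
}

/* Generalisation of the same check for any buffer size: does 'input' fit in a
 * buffer of 'buf_size' bytes together with its terminator? Returns 1 if it
 * fits, 0 if copying it unchecked would overflow. */
int fits_in_buffer(const char *input, size_t buf_size) {
    return memchr(input, '\0', buf_size) != NULL;
}

int main(void) {
    /* Constructed inputs: one that fits and one that is far too long. */
    const char *ok_name = "alice";
    const char *long_name = "this name is far too long for the buffer";

    greet_unchecked(ok_name);       /* safe only because the input is short */
    printf("checked(ok):   %d\n", greet_checked(ok_name));     /* 0  */
    printf("checked(long): %d\n", greet_checked(long_name));   /* -1 */
    printf("fits(long, %d): %d\n", NAME_LEN, fits_in_buffer(long_name, NAME_LEN)); /* 0 */
    return 0;
}
```

The point of the hardened version is that the decision to refuse happens before any byte is written: the boundary case is an input of exactly NAME_LEN non-NUL bytes, which would leave no room for the terminator and is rejected rather than silently truncated.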