Security Researcher Dan Melamed discovered an Open URL Redirection vulnerability in Facebook that allowed him to have alink redirect to any website without restrictions. The vulnerability exists at landing.php page with “url” parameter, i.e.e. The Facebook’s Linkshim (l.php) interprets the link target.com the same as https://target.com making possible the redirection.com. Facebook quickly fixed the vulnerability after the. report and the payout $1,000 reward under the Facebook bug bounty program.
Source: https://thehackernews.com/2013/11/facebook-open-url-redirection-vulnerability_16.html