This vulnerability redirects victim by using a
Facebook URL to any of the url you want (could be some
phishing) ;)
Its absolutely working as i myself tried it just now 3:)
Facebook uses hash to avoid url redirection and hash is per account.