This video explains an account takeover vulnerability on the main Facebook site that resulted from a postMessage bug and cross-site scripting.
Some code snippets have been prettified for readability.
Report: ysamm.com/?p=493
Reporter's Twitter: @samm0uda
Follow me on Twitter: @gregxsunday
Timestamps:
00:00 Intro
00:22 Intigriti - the sponsor of today's video
01:00 Listening for postMessages
03:25 Sending postMessages
06:32 The exploit
$25,000 Facebook.com postMessage account takeover vulnerability