$25,000 Facebook.com postMessage account takeover vulnerability
Sign up for Intigriti: https://go.intigriti.com/bbre
Get $100 in credits for Digital Ocean
https://m.do.co/c/cc700f81d215
This video explains an account takeover vulnerability on the main Facebook site that resulted from a postMessage bug combined with cross-site scripting.
Some code snippets have been prettified for readability.
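The bug class the video walks through is a window.onmessage listener that trusts any sender and passes the message into an HTML sink. The snippet below is an added example written for this page, not code from the video, from the report, or from Facebook; the origins, message shapes and payload are hypothetical. It runs under Node, with a plain object standing in for the DOM element, and puts a vulnerable handler, a hardened handler and three origin checks (two bypassable, one correct) side by side.

```javascript
// Added example (not code from the video or the report): a postMessage handler
// that trusts every sender and writes the message into an HTML sink, next to a
// hardened handler. The origins, message shapes and payload are hypothetical.
// Runs under Node; a plain object stands in for the DOM element so that no
// browser is needed, and each handler returns what it would have rendered.

// Assumption: the page only expects messages from this one origin.
const TRUSTED_ORIGINS = new Set(['https://app.example.com']);

// Stand-in for a DOM element. In a browser, assigning innerHTML parses markup
// (so <img onerror> runs), while textContent never does.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable pattern: no check on event.origin, and event.data reaches innerHTML.
// Any document holding a reference to this window (opener, parent, a popup it
// opened) can call win.postMessage(payload, '*') and land markup in the page.
function vulnerableHandler(event, element) {
  element.innerHTML = event.data.html;
  return { accepted: true, rendered: element.innerHTML };
}

// Hardened pattern: exact-match event.origin against an allowlist, validate the
// message shape, and write with textContent so markup is never interpreted.
function hardenedHandler(event, element) {
  if (!TRUSTED_ORIGINS.has(event.origin)) {
    return { accepted: false, reason: 'untrusted origin', rendered: element.textContent };
  }
  const data = event.data;
  if (typeof data !== 'object' || data === null || typeof data.text !== 'string') {
    return { accepted: false, reason: 'malformed message', rendered: element.textContent };
  }
  element.textContent = data.text;
  return { accepted: true, rendered: element.textContent };
}

// Origin checks that look right but are bypassable. Each returns whether the
// check would accept the given origin string.
function substringOriginCheck(origin) {
  return origin.indexOf('example.com') !== -1;          // accepts https://example.com.evil.test
}
function prefixOriginCheck(origin) {
  return origin.startsWith('https://app.example.com');  // accepts https://app.example.com.evil.test
}
function exactOriginCheck(origin) {
  return TRUSTED_ORIGINS.has(origin);                    // full-string match only
}

// Constructed messages: one from an attacker-controlled page, one from the
// trusted origin. The payload is a generic DOM XSS probe, not the report's.
const attackerEvent = {
  origin: 'https://attacker.test',
  data: { html: '<img src=x onerror="alert(document.domain)">', text: 'ignored' },
};
const trustedEvent = { origin: 'https://app.example.com', data: { text: 'hello' } };

function demo() {
  return {
    vulnerable: vulnerableHandler(attackerEvent, makeElement()),     // markup rendered
    hardenedRejects: hardenedHandler(attackerEvent, makeElement()),  // rejected on origin
    hardenedAccepts: hardenedHandler(trustedEvent, makeElement()),   // 'hello' as text
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In a real page the receiving side is registered with window.addEventListener('message', handler), and the sending side is an attacker page that opens or frames the target and calls postMessage with a '*' target origin; the origin check has to be an exact string comparison because both the substring and the prefix variants above accept a domain the attacker registers.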
Sign up for Pentesterlab from my referral
https://pentesterlab.com/referral/Vtch_7hLg32TqA
Report:
https://ysamm.com/?p=493
Reporter's Twitter:
https://twitter.com/samm0uda
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:22 Intigriti – the sponsor of today’s video
01:00 listening for postMessages
03:25 sending postMessages
06:32 The exploit