Sign up for Intigriti: https://go.intigriti.com/bbre
🖥 Get $100 in credits for Digital Ocean 🖥
This video explains an account takeover vulnerability on the main Facebook site that resulted from a postMessage bug combined with cross-site scripting.
Some code snippets have been prettified for readability.
✎Sign up for Pentesterlab from my referral✎
Follow me on twitter:
00:22 Intigriti – the sponsor of today’s video
01:00 listening for postMessages
03:25 sending postMessages
06:32 The exploit