✉️ Sign up for the mailing list ✉️ https://mailing.bugbountyexplained.com/
Sign up for Intigriti: https://go.intigriti.com/bbre

Get $100 in credits for Digital Ocean
https://m.do.co/c/cc700f81d215

This video explains an account takeover vulnerability on the main Facebook site that resulted from a postMessage bug and cross-site scripting.

Some code snippets have been prettified for readability.

✎Sign up for Pentesterlab from my referral✎
https://pentesterlab.com/referral/Vtch_7hLg32TqA

Report:
https://ysamm.com/?p=493

Reporter’s Twitter:
https://twitter.com/samm0uda

Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:22 Intigriti – the sponsor of today’s video
01:00 listening for postMessages
03:25 sending postMessages
06:32 The exploit
