Hacking Facebook in 3 different ways for $54,800 – Bug Bounty Reports Explained
https://mailing.bugbountyexplained.com/
In this video I present 3 vulnerabilities that made it possible to hack Facebook: two account takeovers and an SSRF (server-side request forgery). All of them were reported by Alaa Abdulridha to the Facebook bug bounty program.
Original blogposts:
https://infosecwriteups.com/how-i-hacked-facebook-part-one-282bbb125a5d
https://infosecwriteups.com/how-i-hacked-facebook-part-two-ffab96d57b19
Reporter’s Twitter:
https://twitter.com/alaa0x2
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:23 The first account takeover
01:14 Hacking ASPXAUTH cookie
06:00 The root cause of the vulnerability
08:34 SSRF