Turning unexploitable XSS into an account takeover with Matan Berson
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow Matan on Twitter: https://x.com/MtnBer
Follow me on Twitter: https://bbre.dev/tw
Matan’s interview in The Critical Thinking Bug Bounty Podcast: https://youtu.be/aDcK6Z6K2Zc?si=MQT5FKLHW3yZpalX
Devtools Course in BBRE Premium archive: https://members.bugbountyexplained.com/course/devtools/
In this video with Matan Berson, we go through a universal yet previously undocumented technique of exploiting a self-XSS by doing more than just reading a previously opened page.
Get $100 in credits for Digital Ocean: https://bbre.dev/do
Timestamps:
00:00 Intro
00:47 A conventional way to exploit a self-XSS
09:32 How does the browser prioritize cookies?
12:13 What’s Cookie Jar overflow?
14:07 How to serve the attacker's account self-XSS while logged in to the victim's session?
19:34 How to exploit this when the self-XSS is not on a commonly visited page?