
This video is an explanation of a bug bounty report submitted by Youssef Sammouda to the Facebook bug bounty program. The vulnerability was an OAuth account takeover in the login with Gmail functionality. The hunter got almost $45k for it.


Reporter’s Twitter:

00:00 Intro
00:55 OAuth protocol and a typical attack
03:09 Breaking the OAuth flow
05:20 Leaking the code
06:52 The full exploit
