Check out Intigriti: https://www.intigriti.com/
Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

This video is an explanation of a bug bounty report submitted by Youssef Sammouda to the Facebook bug bounty program. The vulnerability was an OAuth account takeover in the Login with Gmail functionality. The hunter got almost $45k for it.

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Report: https://ysamm.com/?p=763
Reporter’s Twitter: https://twitter.com/samm0uda

Timestamps:
00:00 Intro
00:55 OAuth protocol and a typical attack
03:09 Breaking the OAuth flow
05:20 Leaking the code
06:52 The full exploit
