In this video I present 3 vulnerabilities that made it possible to hack Facebook: two account takeovers and an SSRF (server-side request forgery). All of them were reported by Alaa Abdulridha to the Facebook bug bounty program.

Original blogposts:
https://infosecwriteups.com/how-i-hacked-facebook-part-one-282bbb125a5d
https://infosecwriteups.com/how-i-hacked-facebook-part-two-ffab96d57b19

Reporter's Twitter:
https://twitter.com/alaa0x2
Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:23 The first account takeover
01:14 Hacking ASPXAUTH cookie
06:00 The root cause of the vulnerability
08:34 SSRF