
$25,000 Facebook.com postMessage account takeover vulnerability

11.6K views
Jun 28, 2021
9:34

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
Sign up for Intigriti: https://go.intigriti.com/bbre
🖥 Get $100 in credits for Digital Ocean 🖥 https://m.do.co/c/cc700f81d215

This video is an explanation of an account takeover vulnerability on the main Facebook site that was the result of a postMessage bug and cross-site scripting. Some code snippets have been prettified for readability.

✎ Sign up for Pentesterlab from my referral ✎ https://pentesterlab.com/referral/Vtch_7hLg32TqA

Report: https://ysamm.com/?p=493
Reporter's Twitter: https://twitter.com/samm0uda
Follow me on Twitter: https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:22 Intigriti - the sponsor of today's video
01:00 listening for postMessages
03:25 sending postMessages
06:32 The exploit

