all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

185 - Facebook Account Takeovers and a vBulletin RCE [Bug Bounty Podcast]

Add to bookmarks
Feb. 7, 2023, 9 p.m. | DAY[0]

DAY[0] www.youtube.com

Is it possible to escalate a self-XSS into an account takeover? Perhaps, we take a look at some potential options by abusing single-sign on. Then we take a look at a few Facebook/Meta authentication issues, and a deserialization trick to increase the usable classes in PHP.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/185.html

[00:00:00] Introduction
[00:00:21] Single-Sign On Gadgets: Escalate (Self-)XSS to Account Takeover
[00:11:11] Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing
[00:14:00] …

abusing account accounts account takeover authentication bounty bug bug bounty deserialization facebook gadgets introduction meta options party php podcast rce sign single stealing takeover takeovers vbulletin xss

Visit resource

More from www.youtube.com / DAY[0]

253 - A Retrospective and Future Look Into DAY[0] 2 weeks, 1 day ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 1 month, 1 week ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 1 month, 2 weeks ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 1 month, 3 weeks ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 1 month, 3 weeks ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 1 month, 4 weeks ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 1 month, 4 weeks ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 2 months ago | www.youtube.com
access array binary binary exploitation +21
245 - A PHP and Joomla Bug and some DOM Clobbering [Bug Bounty Podcast] 2 months, 1 week ago | www.youtube.com
api bounty bug bug bounty +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Lead Security Specialist

@ Fujifilm | Holly Springs, NC, United States
View on infosec-jobs.com

Security Operations Centre Analyst

@ Deliveroo | Hyderabad, India (Main Office)
View on infosec-jobs.com

CISOC Analyst

@ KCB Group | Kenya
View on infosec-jobs.com

Lead Security Engineer – Red Team/Offensive Security

@ FICO | Work from Home, United States
View on infosec-jobs.com

Cloud Security SME

@ Maveris | Washington, District of Columbia, United States - Remote
View on infosec-jobs.com

SOC Analyst (m/w/d)

@ Bausparkasse Schwäbisch Hall | Schwäbisch Hall, DE
View on infosec-jobs.com
View more jobs