Episode 58: Youssef Sammouda - Client-Side & ATO War Stories
Feb 15, 2024
Youssef Sammouda shares client-side bug exploits involving race conditions, hash change events, and scroll-to-text fragments. Techniques for exploiting postMessage, using Redjax bombing, and manipulating URLs are discussed. The importance of detailed bug reports, ID generation vulnerabilities, and browser security weaknesses is highlighted. Advanced topics include cross-origin communication, mobile OAuth vulnerabilities, and HTTP response manipulation for unique attack scenarios.
AI Snips
Race Condition Bug
- Youssef Sammouda found a client-side race condition in Facebook's postMessage handling.
- He exploited an asynchronous origin check by changing the origin mid-request.
Optimizing Race Conditions
- Justin Steven optimized a race condition exploit by caching pages.
- This allowed instantaneous redirects, crucial for timing the exploit correctly.
Race Condition Bypass
- Youssef Sammouda bypassed a race condition fix on Facebook using large postMessage payloads.
- Sending many large messages (5 MB each) bogged down the system, bypassing the lock mechanism.