Back to directory
WRITEUP #6330

Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token

OtherpostMessageViolation of secure design principles
by@fransrosen(Frans Rosén)
Bounty
3,000
Program
Slack
Published
Feb 28, 2017
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
RELATED WRITEUPS
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free
Part 2: From Byovdll To Arbitrary Code Execution In Lsass
OtherUse-After-Free

Built with ❤️ by Shubham Rawat