Turning unexploitable XSS into an account takeover with Matan Berson

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow Matan on Twitter: https://x.com/MtnBer
📣 Follow me on Twitter: https://bbre.dev/tw
Matan's interview in @criticalthinkingpodcast: Crushing Client-Side on Any Scope wit...
Devtools Course in BBRE Premium archive: https://members.bugbountyexplained.co...

In this video with Matan Berson, we go through a universal yet previously undocumented technique for exploiting a self-XSS that does more than just read a previously opened page.

🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do

Timestamps:

00:00 Intro
00:47 A conventional way to exploit a self-XSS
09:32 How does the browser prioritize cookies?
12:13 What's Cookie Jar overflow?
14:07 How to serve attacker's account self-XSS while logged in to victim's session?
19:34 How to exploit this when the self-XSS is not on a commonly visited page?
