writeups.xyz / Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token

Submitter : c2a

Date: 28 February 2017

Bounty : 3,000

Vulnerabilities :

• PostMessage
• Violation of Secure Design Principles

Programs :

• Slack

Authors :

• Frans Rosén (@Fransrosen)

Link :
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/