OAuth Misconfiguration
Last updated
Was this helpful?
Last updated
Was this helpful?
In the SSO feature. For example the URL will be looks like this
OAuth token stealing by changing redirect_uri
and Use IDN Homograph
Normal parameter
IDN Homograph
If you notice, im not using the normal e
Create an account with with normal functionality. Create account with using OAuth functionality. Now try to login using previous credentials.
OAuth Token Re-use.
Improper handling of state parameter
To exploit this, go through the authorization process under your account and pause immediately after authorization. Then send this URL to the logged-in victim
CSRF Attack
Lack of origin check.
Open Redirection on redirect_uri
parameter
Normal parameter
Open Redirect
If there is an email parameter after signin then try to change the email parameter to victim's one.
Try to remove email from the scope and add victim's email manually.
Check if its leaking client_secret