Facebook OAuth Misconfiguration
Authenticate via Facebook.
Click “Edit Access” and uncheck the permission to share your email address with the application. Then click “Continue”.
The app doesn’t receive an email address from Facebook, so it redirects back and prompts you to enter one manually.
Type: victim@example.com. There is no verification and no confirmation email.
The app immediately logs you in as the victim.
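The root cause is that the app treats a self-asserted email as proven identity. The sketch below is an added example, not code from the application described: it contrasts that behaviour with a callback that keys identity on the Facebook user id and links an email only after a mailed, single-use token returns in the same Facebook session. The in-memory stores and all function names are hypothetical.

```python
import hashlib, hmac, secrets, time

# Constructed in-memory state; every name below is hypothetical.
ACCOUNTS = {"victim@example.com": 1}   # email -> account id (existing user)
FB_LINKS = {}                          # Facebook user id -> account id
PENDING = {}                           # sha256(token) -> (fb_id, email, expiry)
TOKEN_TTL = 900                        # seconds

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def login_vulnerable(fb_profile, typed_email):
    """Flow from the page: the typed address is treated as proven identity."""
    email = fb_profile.get("email") or typed_email
    return ACCOUNTS.get(email)         # session issued for whoever owns that email

def start_login(fb_profile, typed_email):
    """Hardened path when the provider withheld the email permission."""
    fb_id = fb_profile["id"]
    if fb_id in FB_LINKS:              # identity is the provider's user id
        return ("session", FB_LINKS[fb_id])
    token = secrets.token_urlsafe(32)
    email = typed_email.strip().lower()
    PENDING[_digest(token)] = (fb_id, email, time.time() + TOKEN_TTL)
    return ("verification_sent", token)  # token goes out by mail only, no session yet

def confirm(token, session_fb_id):
    """Link only if the mailed token comes back in the same Facebook session."""
    entry = PENDING.pop(_digest(token), None)   # single use
    if entry is None:
        return ("rejected", None)
    fb_id, email, expiry = entry
    if time.time() > expiry or not hmac.compare_digest(fb_id, session_fb_id):
        return ("rejected", None)
    account_id = ACCOUNTS.setdefault(email, len(ACCOUNTS) + 1)
    FB_LINKS[fb_id] = account_id
    return ("session", account_id)
```

Binding the token to the Facebook id that requested it means a mailbox owner who opens an unsolicited link does not attach someone else's Facebook identity to their account.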
Last updated 4 months ago