Update OAuth Misconfiguration.md

Muhammad Daffa 2021-07-21 22:43:05 +07:00 committed by GitHub
parent 338475aee1
commit 5e63deac91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -10,4 +10,7 @@
9. Try to remove email from the scope and add victim's email manually.
10. Only company's email is allowed? > Try to replace hd=company(.)com to hd=gmail(.)com
11. Check if its leaking client_secret parameter.
12. Go to the browser history and check if the token is there.
12. Go to the browser history and check if the token is there.
Reference:
- https://twitter.com/tuhin1729_/status/1417843523177484292
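Review bot: The new "Reference:" entry at the end of the hunk is a bare tweet URL that does not say which checklist items it supports, and a tweet can be deleted or made private. Please add the author and a short description next to the link, note which of the numbered items it backs, and consider including an archived copy of the URL. Item 12 also shows up as both removed and re-added with identical visible text, so that part looks like a whitespace or end-of-file newline change; it is worth confirming that was intended.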