From 5e63deac9199c37d3bfb24fa4202985cc8eef154 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Wed, 21 Jul 2021 22:43:05 +0700 Subject: [PATCH] Update OAuth Misconfiguration.md --- OAuth Misconfiguration.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/OAuth Misconfiguration.md b/OAuth Misconfiguration.md index 77d11d0..00be06f 100644 --- a/OAuth Misconfiguration.md +++ b/OAuth Misconfiguration.md @@ -10,4 +10,7 @@ 9. Try to remove email from the scope and add victim's email manually. 10. Only company's email is allowed? > Try to replace hd=company(.)com to hd=gmail(.)com 11. Check if its leaking client_secret parameter. -12. Go to the browser history and check if the token is there. \ No newline at end of file +12. Go to the browser history and check if the token is there. + +Reference: +- https://twitter.com/tuhin1729_/status/1417843523177484292
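Review bot: The new `Reference:` block in this hunk is a bare Twitter URL with nothing saying which of the checklist items it supports or what it contains, and tweets are routinely deleted or made private, so the reference will be hard to use once the link dies; suggest adding a short description beside the URL (author handle plus a few words on the point it backs up) and, if the project keeps references elsewhere, an archived copy of the link. The rest of the hunk only re-adds item 12 with a trailing newline and drops the `\ No newline at end of file` marker, which is a welcome cleanup and needs no change.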