mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 10:26:11 +00:00
981 B
981 B
OAuth Misconfiguration
- OAuth token stealing: Changing redirect_uri to attacker(.)com(Use IDN Homograph or common bypasses).
- Change Referral header to attacker(.)com while requesting OAuth.
- Create an account with victim@gmail(.)com with normal functionality. Create account with victim@gmail(.)com using OAuth functionality. Now try to login using previous credentials.
- OAuth Token Re-use.
- Missing or broken state parameter.
- Lack of origin check.
- Open Redirection on another endpoint > Use it in redirect_uri
- If there is an email parameter after signin then try to change the email parameter to victim's one.
- Try to remove email from the scope and add victim's email manually.
- Only company's email is allowed? > Try to replace hd=company(.)com to hd=gmail(.)com
- Check if its leaking client_secret parameter.
- Go to the browser history and check if the token is there.
Reference: