Open redirect, what can we do with it? I will share two bugs I found and could make it high with open redirect issue/feature XD.
let’s say our target’s name is (target.com), and the application’s OAuth service is (oauthtarget.com).
let’s clear something there are two types of open redirect in OAuth, first one in the OAuth Service itself and the second one is the company that will use this OAuth service, let’s take the following URL as an example
If you open this (in real use XD) you will be asked to accept or reject the access from CompanyX to your information in the owner application of OAuth Service, when you accept the access the application will redirect you to the URL from the (redirect_uri) parameter but it will add an Access Token (Code), CompanyX will use this Token to access your information, so if an attacker could steal this Code he can access the information of this user. The following is an example when the OAuth Service send the token
Now what if we have an open redirect issue in the (redirect_uri) parameter and what if we have an open redirect in the (CompanyX.com) domain, what will happen?
This post was created with our nice and easy submission form. Create your post!