
OAuth Misconfiguration to Account Takeover

Open redirect: what can we do with it? I will share two bugs I found where an open redirect issue/feature let me raise the severity to high XD.

Let's say our target's name is (target.com), and the application's OAuth service is (oauthtarget.com).

Let's clear something up first: there are two types of open redirect in OAuth. The first is in the OAuth service itself, and the second is in the company (the client application) that uses this OAuth service. Take the following URL as an example:

http://oauthtarget.com/oauth?redirect_uri=http://companyX.com/callback&client=NA

If you open this (in a real flow XD) you will be asked to accept or reject CompanyX's access to your information held by the application that owns the OAuth service. When you accept, the service redirects you to the URL from the (redirect_uri) parameter, but with a Code (token) appended. CompanyX uses this Code to access your information, so if an attacker can steal it he can access the information of this user. The following is an example of the OAuth service sending the Code:

http://companyX.com/callback?code=XXXXXX&state=SOMETHING

Now, what if we have an open redirect issue in the (redirect_uri) parameter, and what if we have an open redirect on the (CompanyX.com) domain? What will happen?
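As an added example (not code from the original post), here is how the OAuth service side closes the first kind of open redirect: a strict, component-by-component comparison of redirect_uri against the values the client registered, shown beside the loose hostname-suffix check that lets a crafted redirect_uri carry the Code somewhere else. The client name companyX and the hostnames follow the post; the client registry, the registered URI values, the candidate URIs and the function names are assumptions made for the example.

```python
from typing import Optional, Tuple
from urllib.parse import urlencode, urlsplit

# Constructed registry: the redirect URIs each client registered when it was onboarded.
# "companyX" and the hostnames follow the post; the exact values are assumptions.
REGISTERED_REDIRECT_URIS = {
    "companyX": ("https://companyx.com/callback",),
}


def _components(uri: str) -> Optional[Tuple]:
    """Split a URI into the parts that must match; None if it cannot be parsed."""
    try:
        p = urlsplit(uri)
        port = p.port  # raises ValueError on a malformed port such as ":abc"
    except ValueError:
        return None
    return (p.scheme.lower(), (p.hostname or "").lower(), port, p.path, p.query,
            p.fragment, p.username, p.password)


def hostname_suffix_allows(client_id: str, redirect_uri: str) -> bool:
    """Weak check seen in the wild: accept any redirect_uri whose hostname ends with
    the registered hostname. It ignores scheme, port, path and query, so the
    redirect_uri parameter itself becomes an open redirect. Shown only for contrast."""
    parts = _components(redirect_uri)
    if parts is None:
        return False
    host = parts[1]
    for registered in REGISTERED_REDIRECT_URIS.get(client_id, ()):
        reg_host = (urlsplit(registered).hostname or "").lower()
        if host.endswith(reg_host):
            return True
    return False


def exact_match_allows(client_id: str, redirect_uri: str) -> bool:
    """Strict check: scheme, host, port, path and query must equal a registered URI,
    with no fragment and no userinfo. The path is deliberately not normalised, so
    '/callback/../other' simply does not equal '/callback'."""
    got = _components(redirect_uri)
    if got is None:
        return False
    scheme, host, port, path, query, fragment, user, password = got
    if fragment or user is not None or password is not None:
        return False
    for registered in REGISTERED_REDIRECT_URIS.get(client_id, ()):
        want = _components(registered)
        if want is not None and want[:5] == (scheme, host, port, path, query):
            return True
    return False


def build_callback_redirect(client_id: str, redirect_uri: str,
                            code: str, state: str) -> Optional[str]:
    """Location the OAuth service sends the browser to after consent. The Code is
    appended only to an exactly registered redirect_uri; anything else gets no redirect."""
    if not exact_match_allows(client_id, redirect_uri):
        return None
    separator = "&" if urlsplit(redirect_uri).query else "?"
    return redirect_uri + separator + urlencode({"code": code, "state": state})


if __name__ == "__main__":
    # Constructed candidates an OAuth service might receive in redirect_uri.
    candidates = [
        "https://companyx.com/callback",
        "HTTPS://CompanyX.com/callback",
        "http://companyx.com/callback",
        "https://companyx.com:8443/callback",
        "https://companyx.com/callback/../other",
        "https://companyx.com/callback?next=https://third-party.example/",
        "https://evilcompanyx.com/callback",
        "https://companyx.com@other.example/callback",
    ]
    for uri in candidates:
        print(f"{uri:62} suffix={hostname_suffix_allows('companyX', uri)!s:5} "
              f"exact={exact_match_allows('companyX', uri)}")
    print(build_callback_redirect("companyX", "https://companyx.com/callback",
                                  "XXXXXX", "SOMETHING"))
```

Exact matching of redirect_uri is what the OAuth 2.0 security best current practice requires of authorization servers, and it is the only one of the two checks above that refuses a scheme downgrade, a different port, a path with `..`, an extra query string, or a look-alike hostname. The second kind of open redirect, on CompanyX.com's own domain, has to be fixed on CompanyX's side: once the Code has legitimately arrived at the registered callback, the OAuth service cannot tell where that page forwards it next.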


Posted by SH
