OAuth2verdrive: How Broken Token Exchange Let Me Log in as Any User
During a security test the author found that an application's third-party OAuth login was misconfigured; by analysing the requests captured in Burp Suite they located the key authorization endpoint URL, exposing a potential security vulnerability. 2025-06-12 06:03:23 Author: infosecwriteups.com

Iski


Hey there!😁


The Prelude: When Coffee Met OAuth

You know those days where all you want is a peaceful morning with your laptop, some recon, and your third cup of coffee? Yeah… this wasn’t one of those. My browser had more tabs than a conspiracy theorist’s desktop, Burp Suite was throwing a tantrum, and OAuth was about to become the main character of my chaos.

I stumbled upon a wild login page during my recon marathon. My gut whispered, “Check the OAuth config.” My brain replied, “We barely understand our own login flow.” 🤦‍♂️

After mapping the flow, I discovered the app was using a third-party provider (let’s call it login.susprovider.com).

When I initiated a login, the following endpoints showed up in my Burp history:

https://target.com/auth/authorize?response_type=co…
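Mapping an OAuth flow from Burp history starts with reading the authorization request carefully: `response_type`, `redirect_uri`, `state`, PKCE and `nonce` decide how much an attacker can do with an intercepted code or a forged callback. The checker below is an added example, not code from the write-up; the sample URLs are constructed (the original query string above is truncated and is not reproduced), and the parameter values in them are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample authorization requests (hypothetical client_id / redirect_uri values,
# not the truncated request from the write-up).
SAMPLE_WEAK_URL = (
    "https://target.com/auth/authorize?response_type=code"
    "&client_id=web-app&redirect_uri=https%3A%2F%2Ftarget.com%2Fauth%2Fcallback"
    "&scope=openid%20profile"
)
SAMPLE_HARDENED_URL = (
    SAMPLE_WEAK_URL
    + "&state=9f1c2e7a&nonce=4b6d8e0f"
    + "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
    + "&code_challenge_method=S256"
)


def audit_authorize_request(url: str) -> dict:
    """Parse an OAuth 2.0 / OIDC authorization request and return its endpoint,
    parameters and a list of findings. Each finding starts with a stable code
    (e.g. "NO_STATE") followed by a short explanation."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    findings = []

    # Anything other than the authorization-code flow puts tokens in the front channel.
    response_type = params.get("response_type", "")
    if response_type != "code":
        findings.append(
            f"FRONT_CHANNEL_TOKENS: response_type={response_type!r} returns tokens "
            "via the browser instead of a back-channel code exchange"
        )

    # state binds the callback to the session; without it login CSRF / code injection is possible.
    if not params.get("state"):
        findings.append("NO_STATE: callback is not bound to the browser session")

    # PKCE makes an intercepted or leaked code useless without the verifier.
    challenge = params.get("code_challenge")
    if not challenge:
        findings.append("NO_PKCE: an intercepted authorization code can be exchanged as-is")
    elif params.get("code_challenge_method", "plain") != "S256":
        findings.append("WEAK_PKCE: plain code_challenge exposes the verifier in the request")

    # OIDC requests should carry a nonce so the ID token is bound to this request.
    scopes = params.get("scope", "").split()
    if "openid" in scopes and not params.get("nonce"):
        findings.append("NO_NONCE: ID token cannot be tied to this authorization request")

    # The redirect target is where the code lands; check scheme and note if it is server-chosen.
    redirect = params.get("redirect_uri")
    if redirect is None:
        findings.append("DEFAULT_REDIRECT: no redirect_uri sent, server default applies; verify registration")
    else:
        r = urlsplit(redirect)
        if r.scheme != "https" and r.hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"INSECURE_REDIRECT: redirect_uri scheme {r.scheme!r} is not https")

    return {
        "endpoint": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "params": params,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, url in (("weak", SAMPLE_WEAK_URL), ("hardened", SAMPLE_HARDENED_URL)):
        report = audit_authorize_request(url)
        print(f"[{label}] {report['endpoint']}")
        for f in report["findings"] or ["no findings"]:
            print("  -", f)
```

Run it against every `/authorize` request in the Burp history (one URL per call); the finding codes are meant to be grepped, and a request with `NO_STATE` or `NO_PKCE` is the one worth spending the next cup of coffee on.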

Source: https://infosecwriteups.com/oauth2verdrive-how-broken-token-exchange-let-me-log-in-as-any-user-3f211de93bf1?source=rss----7b722bfd1b8d---4