Exploiting OAuth: Redirect_URI
OAuth/Open Authentication:
Before moving further into exploitation, we must familiarize ourselves with OAuth. For this, please check my previous blog, i.e.
Working/Exploiting:
There is an application that allows users to log in via social media. It uses OAuth to authenticate the user against a social media website.
When I click on “Login with social media,” it redirects me to a login page. After I provide the credentials, it redirects me back to the website and authentication succeeds. I intercept the login request using Burp Suite.
The intercepted OAuth request looks like this:
We can see that the request carries the parameters that are generally present in an OAuth authorization request, such as client_id, redirect_uri, response_type, and scope, but there is no state parameter. The state value is what binds the authorization response to the browser session that started the flow, so its absence means this OAuth implementation is vulnerable to CSRF.
The scope parameter is used to specify what information the website wants to fetch from the social media account. As I forward this request, it asks me to approve the sharing of that information.
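As an added example (not code from the post), here is how an authorization server or a reviewer can check the parameters listed above: exact-match redirect_uri, allowed scope, and a session-bound state value. The client registration data, URLs and client_id are constructed for illustration.

```python
from typing import Optional, List
from urllib.parse import urlsplit, parse_qs
import hmac

# Constructed registration record for a hypothetical client (not from the post).
REGISTERED_CLIENTS = {
    "client-12345": {
        "redirect_uris": {"https://app.example.com/oauth/callback"},
        "scopes": {"openid", "email", "profile"},
    }
}


def validate_authorization_request(url: str, session_state: Optional[str]) -> List[str]:
    """Return findings for an /authorize request URL; an empty list means it passed.

    session_state is the state value the relying party stored in the user's
    session when it started the flow (None if it never stored one).
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {k: v[0] for k, v in query.items()}
    findings: List[str] = []

    client = REGISTERED_CLIENTS.get(params.get("client_id", ""))
    if client is None:
        return ["unknown client_id"]

    # redirect_uri must equal a registered URI byte-for-byte; prefix, substring
    # or host-only comparisons are what let unregistered URIs through.
    if params.get("redirect_uri") not in client["redirect_uris"]:
        findings.append("redirect_uri not registered for this client")

    # Assumption: only the authorization-code flow is permitted for this client.
    if params.get("response_type") != "code":
        findings.append("unexpected response_type")

    requested = set(params.get("scope", "").split())
    if not requested or not requested <= client["scopes"]:
        findings.append("scope not allowed for this client")

    # Missing state is the gap seen in the intercepted request: without it the
    # authorization response cannot be tied to the session that requested it.
    state = params.get("state")
    if not state:
        findings.append("state parameter missing (no CSRF binding)")
    elif session_state is None or not hmac.compare_digest(state, session_state):
        findings.append("state does not match the value stored in the session")

    return findings
```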