An often overlooked OAuth misconfiguration.

  1. The developer made an intermediate link like https://www.example.com/auth/ok/ that the user is sent to after the provider callback.
  2. The developer did not add a CSRF token to this request, because he thinks the state token will “protect him”. The state value is only checked at the provider callback; the follow-on request to /auth/ok/ carries nothing that ties it to that check.
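
To make the two steps concrete, here is an added illustration in Python that is not code from the original post. It simulates a logged-in session on www.example.com that links an external provider account: `oauth_callback` is the provider redirect_uri handler where state is verified, and `/auth/ok/` is the intermediate endpoint from the list above, shown once as the post describes it (`auth_ok_vulnerable`, no CSRF protection) and once with a session-bound CSRF token required (`auth_ok_hardened`). The endpoint names, the `Session` model, the provider host `provider.example` and the authorization codes are all constructed assumptions.

```python
# Added illustration (not from the original post): an OAuth "link account" flow with
# a state-checked callback followed by an intermediate /auth/ok/ endpoint.
# Endpoint names, the session model and the provider codes are constructed assumptions.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Response = Tuple[int, str]  # (HTTP status, body or Location)

# Constructed stand-in for the provider's token endpoint: code -> provider account id.
_CONSTRUCTED_CODES: Dict[str, str] = {
    "code-victim": "provider-user-victim",
    "code-attacker": "provider-user-attacker",
}


@dataclass
class Session:
    """Server-side session for one logged-in user of www.example.com (assumed model)."""
    user: str
    oauth_state: Optional[str] = None
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    linked_provider_id: Optional[str] = None


def exchange_code(code: str) -> Optional[str]:
    """Simulated code-for-identity exchange with the provider (constructed data)."""
    return _CONSTRUCTED_CODES.get(code)


def start_oauth(session: Session) -> str:
    """Mint a per-session state value and build the provider authorize URL."""
    session.oauth_state = secrets.token_urlsafe(16)
    return ("https://provider.example/authorize?client_id=app"
            f"&redirect_uri=https://www.example.com/auth/callback&state={session.oauth_state}")


def oauth_callback(session: Session, query: Dict[str, str]) -> Response:
    """redirect_uri handler: the state token is checked here, and only here."""
    expected = session.oauth_state or ""
    if not expected or not hmac.compare_digest(expected, query.get("state", "")):
        return 400, "state mismatch"
    session.oauth_state = None  # state is single use
    # The developer's intermediate link: the code is forwarded in the URL.
    return 302, f"https://www.example.com/auth/ok/?code={query.get('code', '')}"


def auth_ok_vulnerable(session: Session, query: Dict[str, str]) -> Response:
    """Intermediate endpoint as the post describes it: it finishes the account link
    on the strength of the code alone. Nothing ties this request to the state that
    oauth_callback verified, so it is an ordinary cross-site request forgery target."""
    provider_id = exchange_code(query.get("code", ""))
    if provider_id is None:
        return 400, "unknown code"
    session.linked_provider_id = provider_id
    return 200, "linked"


def auth_ok_hardened(session: Session, query: Dict[str, str]) -> Response:
    """Same endpoint with a per-session CSRF token required, compared in constant time."""
    supplied = query.get("csrf")
    if supplied is None or not hmac.compare_digest(session.csrf_token, supplied):
        return 403, "missing or invalid csrf token"
    provider_id = exchange_code(query.get("code", ""))
    if provider_id is None:
        return 400, "unknown code"
    session.linked_provider_id = provider_id
    return 200, "linked"
```

Two design notes on the hardened version, both my own engineering choices rather than anything the post prescribes: the intermediate step is usually unnecessary, and completing the link inside the state-checked callback removes the problem outright; where the extra step must exist, it should be a POST carrying a session-bound CSRF token, and the authorization code should be consumed in the callback instead of being forwarded in a URL where it ends up in logs and Referer headers.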

VipItHunter