-
Notifications
You must be signed in to change notification settings - Fork 0
OAuth authentication
Alnoman Kamil edited this page Nov 23, 2024
·
7 revisions
Apprentice lab:
Authentication bypass via OAuth implicit flow
Apprentice lab:
Authentication bypass via OAuth implicit flow
This lab uses an OAuth service to allow users to log in with their social media account. Flawed validation by the client application makes it possible for an attacker to log in to other users' accounts without knowing their password.
To solve the lab, log in to Carlos's account. His email address is [email protected].
You can log in with your own social media account using the following credentials: wiener:peter.
-
Solution
- Click on My account. Notice
Connection: keep-aliveheader is needed. - Switch on using HTTP/1 protocol.
- Study the requests made, after you log in as
wiener:peter. - Modify the
POSTrequest made.- from
{ "email": "[email protected]", "token": "qDqwIzbwJZ1uu2KnQNpoMyp5gUtTiRib5g0w-4W-T7j", "username": "wiener" }- to
{ "email": "[email protected]", "token": "qDqwIzbwJZ1uu2KnQNpoMyp5gUtTiRib5g0w-4W-T7j", "username": "carlos" } - Lab is solved.
- Click on My account. Notice
NOTE:
Burp switches protocols automatically.
Practitioner lab:
SSRF via OpenID dynamic client registration (Pro)
Practitioner lab:
SSRF via OpenID dynamic client registration (Pro)
Solutions for the Portswigger's Web Security Academy using mitmproxy and other cli tools instead of Burp Suite
Server-side topics:
- SQL injection
- Authentication
- File path traversal
- OS command injection
- Business logic vulnerabilities
- Information disclosure
- Access control vulnerabilities
- File upload vulnerabilities
- Race conditions
- Server-side request forgery (SSRF)
- XML external entity (XXE) injection
- NoSQL injection
- API testing
- Web cache deception
Client-side topics:
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-origin resource sharing (CORS)
- Clickjacking
- DOM-based vulnerabilities
- WebSockets
Advanced topics: