Hey folks, I hope you are doing well. I am back with another writeup, this time on an OAuth misconfiguration that leads to account takeover. The premiere of the PoC, with in-depth details, is set on YouTube.
While searching for a program on Bugcrowd, I came across one whose name I will not disclose here but have disclosed in my PoC on YouTube, which will be uploaded soon. Make sure you watch it. I will refer to it here as redacted.com. After I created an account using OAuth, I noticed a flaw: the OAuth login was misconfigured.
Steps To Reproduce:
1. Go to redacted.com and create an account using OAuth.
Screenshot: Attacker created an account using his OAuth.
2. Attacker changes the email address to that of the victim's email address.
Screenshot: Attacker changed the email address to that of the victim.
3. Attacker then logs out of the account, goes to the OAuth login, uses the previous email and gets logged into the victim account.
Screenshot: Attacker again logs in from the old account via OAuth.
4. Attacker logs into the victim account, thus achieving full account takeover.
Screenshot: Logged in via the victim account.
I got rewarded $$$ for this submission and I hope you all understood the steps. The premiere of the PoC is set and will release in 1–2 days. Follow me for more writeups, guys. Thank you!!!
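To make the defensive point concrete, here is an added example (not code from the writeup or the affected program) that models one mechanism by which these steps yield a takeover, beside the fix. It assumes the application resolved the logged-in user by email after an OAuth login and applied email changes without verification; the account owners, provider subject ids and addresses are constructed.

```python
# Added example, not the writeup's or the program's code. Assumed mechanism: the
# OAuth link maps provider subject id -> account id, but after login the session
# user is re-resolved by the linked account's EMAIL, and email changes are applied
# unverified with no uniqueness check. The hardened service fixes both.
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Account:
    email: str
    owner: str                              # legitimate owner, for the assertions
    id: int = field(default_factory=count(1).__next__)
    pending_email: str = ""                 # staged change awaiting verification

class WeakService:
    def __init__(self):
        self.accounts = []
        self.oauth_links = {}               # provider subject id -> account id
    def register_oauth(self, sub, email, owner) -> Account:
        acct = Account(email=email, owner=owner)
        self.accounts.append(acct)
        self.oauth_links[sub] = acct.id
        return acct
    def change_email(self, acct, new_email) -> None:
        acct.email = new_email              # takes effect immediately, unverified
    def oauth_login(self, sub) -> Account:
        linked = next(a for a in self.accounts if a.id == self.oauth_links[sub])
        # Bug: session user re-resolved by email; first row with that email wins.
        return next(a for a in self.accounts if a.email == linked.email)

class HardenedService(WeakService):
    def change_email(self, acct, new_email) -> None:
        acct.pending_email = new_email      # staged only; see confirm_email()
    def confirm_email(self, acct, token_ok: bool) -> bool:
        # token_ok stands in for a valid link opened from the NEW mailbox.
        new, acct.pending_email = acct.pending_email, ""
        if not token_ok or not new or any(a.email == new for a in self.accounts):
            return False                    # unverified or already in use: refuse
        acct.email = new
        return True
    def oauth_login(self, sub) -> Account:
        # Resolve the session by the linked account id, never by email.
        return next(a for a in self.accounts if a.id == self.oauth_links[sub])

def run_chain(service_cls) -> str:
    """Replays the writeup's steps with constructed accounts; returns the owner of
    the account the attacker lands in after logging back in via OAuth."""
    svc = service_cls()
    svc.register_oauth("sub-victim", "victim@example.com", "victim")
    attacker = svc.register_oauth("sub-attacker", "attacker@example.com", "attacker")
    svc.change_email(attacker, "victim@example.com")
    return svc.oauth_login("sub-attacker").owner
```

Running `run_chain` against both services shows the weak one handing the attacker the victim's session while the hardened one keeps the attacker in their own account and refuses to activate the colliding address.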
LinkedIn: https://www.linkedin.com/in/akash-suman-7b95572a1/
Twitter: https://x.com/CyberGhostOps