The OAuth Oversight: When Configuration Errors Turn into Account Hijacks


Nightcoders

Hey folks, I hope you are doing well. I am back with another writeup, this time on an OAuth misconfiguration that leads to account takeover. The PoC premiere with in-depth details is set on YouTube.

While searching for a program on Bugcrowd, I came across one whose name I will not disclose here, but I have disclosed it in my PoC on YouTube, which will be uploaded soon. Make sure you watch it. I will refer to it here as redacted.com. After I created an account using OAuth, I noticed that the OAuth flow is misconfigured.

Steps To Reproduce:

1. Go to redacted.com and create an account using OAuth.

[Screenshot: Attacker created an account using his OAuth]

2. Attacker changes the email address to that of the victim's email address.

[Screenshot: Attacker changed the email address to that of victim]

3. Attacker then logs out of the account, goes back to the OAuth login, uses the previous email and gets logged into the victim account.

[Screenshot: Attacker again logs in from old account via OAuth]

4. Attacker is logged into the victim account, thus granting full account takeover.

[Screenshot: Logged In Via victim account]
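The post does not show the application's internals, so the following is an added model of one way this class of bug arises, not the target's code: an email-change handler that rewrites the address in place with neither a verification step nor a uniqueness check, next to an OAuth login that ultimately keys the session on that mutable email field. The hardened variant binds the OAuth identity to the provider's immutable `sub`, sends a confirmation token to the new address before it becomes live, and rejects an address already held by another account. The `Account`/`Store` classes, the function names and the sample identities are all constructed for this example.

```python
"""Email change plus OAuth linking: a vulnerable model next to a hardened one.

Constructed example. The account model, both login flows and the sample
identities are assumptions made for illustration; none of it is the
application's own code.
"""
from dataclasses import dataclass, field
from typing import Optional
import secrets


@dataclass
class Account:
    account_id: int
    email: str
    oauth_sub: Optional[str] = None  # provider "sub" bound to this account, if any


@dataclass
class Store:
    accounts: dict = field(default_factory=dict)   # account_id -> Account
    pending: dict = field(default_factory=dict)    # token -> (account_id, new_email)
    next_id: int = 1

    def create(self, email, oauth_sub=None):
        acct = Account(self.next_id, email.lower(), oauth_sub)
        self.accounts[acct.account_id] = acct
        self.next_id += 1
        return acct

    def by_email(self, email):
        return [a for a in self.accounts.values() if a.email == email.lower()]

    def by_sub(self, sub):
        return next((a for a in self.accounts.values() if a.oauth_sub == sub), None)


# --- vulnerable: the address is rewritten in place, unverified, uniqueness unchecked ---
def change_email_vulnerable(store, account_id, new_email):
    store.accounts[account_id].email = new_email.lower()


def oauth_login_vulnerable(store, sub, provider_email):
    # Falls back to linking by email, and the session identity is the
    # mutable email column rather than the account id or provider subject.
    acct = store.by_sub(sub)
    if acct is None:
        matches = store.by_email(provider_email)
        acct = matches[0] if matches else store.create(provider_email, sub)
    return acct.email


# --- hardened: verify the new address first, enforce uniqueness, bind by sub ---
def request_email_change(store, account_id, new_email):
    new_email = new_email.lower()
    if store.by_email(new_email):
        raise ValueError("email already in use")
    token = secrets.token_urlsafe(32)
    store.pending[token] = (account_id, new_email)
    return token  # delivered only to new_email, out of band


def confirm_email_change(store, token):
    account_id, new_email = store.pending.pop(token)  # KeyError on unknown token
    if store.by_email(new_email):                     # re-check: state may have changed
        raise ValueError("email already in use")
    store.accounts[account_id].email = new_email
    return store.accounts[account_id]


def oauth_login_hardened(store, sub, provider_email, email_verified):
    acct = store.by_sub(sub)
    if acct is not None:
        return acct.account_id  # identity is the immutable (issuer, sub) binding
    if not email_verified:
        raise PermissionError("provider did not verify the email; refuse to auto-link")
    if store.by_email(provider_email):
        raise PermissionError("address belongs to an existing account; require explicit linking")
    return store.create(provider_email, sub).account_id


def replay():
    """Replay the post's steps against both models; identities are constructed."""
    victim_email = "victim@example.com"
    attacker_sub, attacker_email = "idp|attacker-123", "attacker@example.net"

    vuln = Store()
    vuln.create(victim_email)                                   # victim registered earlier
    a = vuln.create(attacker_email, attacker_sub)               # step 1: OAuth signup
    change_email_vulnerable(vuln, a.account_id, victim_email)   # step 2: unverified change
    vuln_identity = oauth_login_vulnerable(vuln, attacker_sub, attacker_email)  # step 3

    hard = Store()
    hard.create(victim_email)
    a = hard.create(attacker_email, attacker_sub)
    try:
        request_email_change(hard, a.account_id, victim_email)
        change_blocked = False
    except ValueError:
        change_blocked = True
    acct_id = oauth_login_hardened(hard, attacker_sub, attacker_email, email_verified=True)
    return vuln_identity, change_blocked, hard.accounts[acct_id].email


if __name__ == "__main__":
    print(replay())  # ('victim@example.com', True, 'attacker@example.net')
```

In the vulnerable model the attacker's OAuth session comes back carrying the victim's address, and the store now holds two records with the same email, which is the condition a detection rule on the accounts table should flag. The hardened model refuses the change at request time, and even after a confirmed change the login path never consults the email column for an identity that already has a `sub` binding.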

I got rewarded $$$ for this submission, and I hope you all understood the steps. The premiere of the PoC is set and will release in 1–2 days. Follow me for more writeups, guys. Thank you!!!

LinkedIn: https://www.linkedin.com/in/akash-suman-7b95572a1/

Twitter: https://x.com/CyberGhostOps

YouTube: https://www.youtube.com/@bugzinmypocket
