OAuth Misconfigurations
Resources
OAuth2.0 Protocol Code Flow with PKCE Explained in Arabic: https://www.youtube.com/watch?v=_NNPKyAlaIw
Modern Guide - What is OAuth 2.0 and How Does It Work: https://fusionauth.io/articles/oauth/modern-guide-to-oauth
OAuth 2.0 explained with examples: https://dev.to/hem/oauth-2-0-flows-explained-in-gifs-2o7a
OAuth 2.0 flows explained in GIFs: https://www.youtube.com/watch?v=ZDuRmhLSLOY
Official Docs: https://oauth.net/2/
Mind map
https://pbs.twimg.com/media/EZ1WqmcXYAAqwSH?format=jpg&name=900x900
Top OAuth reports from HackerOne:
Shopify Stocky App OAuth Misconfiguration to Shopify - 514 upvotes, $0
Chained Bugs to Leak Victim's Uber's FB Oauth Token to Uber - 398 upvotes, $0
Insufficient OAuth callback validation which leads to Periscope account takeover to X (Formerly Twitter) - 260 upvotes, $0
OAuth redirect_uri bypass using IDN homograph attack resulting in user's access token leakage to Semrush - 224 upvotes, $0
Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties to GitLab - 223 upvotes, $3000
Unauthenticated blind SSRF in OAuth Jira authorization controller to GitLab - 222 upvotes, $4000
Stealing Facebook OAuth Code Through Screenshot viewer to Rockstar Games - 193 upvotes, $0
Stealing Users OAuth authorization code via redirect_uri to pixiv - 183 upvotes, $2000
Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft. to Rockstar Games - 106 upvotes, $0
User account compromised authentication bypass via oauth token impersonation to Picsart - 91 upvotes, $0
Incorrect details on OAuth permissions screen allows DMs to be read without permission to X (Formerly Twitter) - 73 upvotes, $2940
Facebook OAuth Code Theft through referer leakage on support.rockstargames.com to Rockstar Games - 67 upvotes, $0
CSRF on Periscope Web OAuth authorization endpoint to X (Formerly Twitter) - 66 upvotes, $0
Misconfigured oauth leads to Pre account takeover to Bumble - 58 upvotes, $0
Stealing Users OAuth Tokens through redirect_uri parameter to GSA Bounty - 52 upvotes, $750
Ability to bypass social OAuth and take over any account [d2c-api] to Genasys Technologies - 40 upvotes, $0
Gitlab Oauth Misconfiguration Lead To Account Takeover to Vercel - 39 upvotes, $0
Mattermost Server OAuth Flow Cross-Site Scripting to Mattermost - 38 upvotes, $900
Oauth flow on the comments widget login can lead to the access code leakage to Ed - 38 upvotes, $0
Stealing Users OAUTH Tokens via redirect_uri to BOHEMIA INTERACTIVE a.s. - 38 upvotes, $0
Broken OAuth leads to change photo profile users . to Dropbox - 37 upvotes, $512
Race Conditions in OAuth 2 API implementations to Internet Bug Bounty - 37 upvotes, $0
Twitter iOS fails to validate server certificate and sends oauth token to X (Formerly Twitter) - 35 upvotes, $2100
Smuggle SocialClub's Facebook OAuth Code via Referer Leakage to Rockstar Games - 35 upvotes, $750
account_info.read scope OAuth app access token can change token owner's account name. to Dropbox - 34 upvotes, $1728
Open Redirect on Gitllab Oauth leading to Acount Takeover to Vercel - 34 upvotes, $0
Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft. to Rockstar Games - 32 upvotes, $0
User session access due to Oauth whitelist host bypass and postMessage to Mail.ru - 30 upvotes, $0
OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing to Vimeo - 28 upvotes, $0