OAuth Misconfig → Account Takeover

OAUTH MISCONFIGURATION
  1. After signing up, log out of the account and try logging in with the OAuth functionality.
  2. Once you are in the account, change some info like name, address or anything.
  3. Log out again and sign in with the email and password you created in step 1.
  4. If you can see the account with the changed info, bang on! You found a vulnerability.
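What the steps above probe is how the OAuth callback decides whether to attach a provider identity to an existing local account. As an added example (not code from the original post), here is a constructed Python model of that decision, with the risky merge-by-email beside a form that only links when both the site and the identity provider have verified the address; `User`, the function names and the sample claims are assumptions made for this illustration.

```python
"""Constructed model of the account-linking step in an OAuth callback.

Not code from the original post: it models the root cause behind the test
above (a provider login silently merged into a password account that shares
its e-mail). `User`, the two functions and the claim shapes are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    email: str
    email_verified: bool                    # address confirmed by the site itself
    oauth_ids: set = field(default_factory=set)


def link_oauth_identity_vulnerable(users, claims):
    """Merge on e-mail alone: whoever registered the address first owns it.

    If an attacker signed up with the victim's address (never verified) and the
    victim later signs in through the provider, the victim lands in the
    attacker's account, which is exactly what steps 1-4 detect.
    """
    email = claims["email"].lower()
    user = users.get(email)
    if user is None:
        user = users[email] = User(email, email_verified=True)
    user.oauth_ids.add(claims["sub"])
    return user


def link_oauth_identity_hardened(users, claims):
    """Link only when both sides have proven control of the address.

    Returns None when there is no merge candidate (caller creates a fresh
    account) and refuses the automatic merge when either the local record or
    the provider claim is unverified; the caller should then ask the user to
    sign in with the password first and link explicitly from settings.
    """
    email = claims["email"].lower()
    user = users.get(email)
    if user is None:
        return None
    if claims["sub"] in user.oauth_ids:
        return user                          # linked earlier through a trusted path
    if not claims.get("email_verified", False) or not user.email_verified:
        raise PermissionError("refusing to auto-link an unverified e-mail address")
    user.oauth_ids.add(claims["sub"])
    return user
```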

Parth Shukla

Security Analyst, Bug XS Community Leader