WRITEUP #3274

Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri

OAuth, Prototype pollution
by @_lauritz_ (Lauritz Holtmann)
Program
GitHub, Microsoft, StackExchange
Published
Nov 6, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeup: https://security.lauritz-holtmann.de/post/sso-security-redirect-uri-ii/
