Summary
- The writer took part in a reconnaissance marathon and discovered a login page with what they thought was an issue with OAuth configuration.
- After looking into it, they found the app was using a third-party provider, which they have named login.susprovider.com.
- Within the tool they were using, Burp Suite, they found several history endpoints, including one containing a sensitive OAuth endpoint.
- The discovered endpoint can be used to swap any user’s access token, which the author demonstrates in the linked article.
- This shows a potential security flaw where an attacker can impersonate any user and gain access to any data they have access to.
By Iski
Original Article