What can I do with Open Redirect with OAuth?
Open redirect: what can we do with it? I will share two bugs I found that I could raise to high severity through an open redirect issue/feature XD.

Let's say our target's name is target.com, and the application's OAuth service is oauthtarget.com. First, let's clear something up: there are two places an open redirect can appear in an OAuth flow. The first is in the OAuth service itself, and the second is in the company that uses this OAuth service. Take the following URL as an example:

http://oauthtarget.com/oauth?redirect_uri=http://companyX.com/callback&client=NA

If you open this (in real use XD), you will be asked to accept or reject access by CompanyX to your information in the application that owns the OAuth service. When you accept, the application redirects you to the URL from the redirect_uri parameter, but it appends an access token (code) to that URL. CompanyX then uses this code to access your information, so if an attacker could steal this code, he could access that user's information. ...
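The flow above is exactly why the OAuth service must compare redirect_uri against the client's registered value by exact match rather than by prefix: with prefix matching, a redirect_uri that points at an open redirector on the client's own callback host is still "valid", and the code is appended to it. The following is an added example, not code from the original post or from any OAuth provider it describes; the client id, the registered URI and the candidate URIs are constructed sample data, and the helper names are hypothetical.

```python
"""Strict vs. weak redirect_uri validation at an OAuth authorization endpoint.

Added example (not part of the original post). The registry and all URIs
below are constructed sample data.
"""
from urllib.parse import urlsplit

# Constructed registry: each client id maps to the exact redirect URIs it
# registered out-of-band. A real server would load this from its database.
REGISTERED_REDIRECT_URIS = {
    "companyx": {"https://companyx.com/callback"},
}


def weak_prefix_match(client_id: str, redirect_uri: str) -> bool:
    """Insecure check: accept any URI that merely starts with a registered one.

    This is the pattern that lets an open redirect on the client's callback
    host receive the authorization code.
    """
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    return any(redirect_uri.startswith(r) for r in registered)


def strict_match(client_id: str, redirect_uri: str) -> bool:
    """Recommended check: exact string comparison with a registered URI.

    Exact matching (as RFC 6749 section 3.1.2 and the OAuth 2.0 Security BCP
    recommend) rejects extra query parameters, path suffixes, fragments and
    look-alike hosts without needing a separate rule for each.
    """
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    return redirect_uri in registered


def authorize(client_id: str, redirect_uri: str, code: str, check=strict_match):
    """Return the Location the server would redirect the browser to after the
    user accepts, or None if the redirect_uri is refused.

    `code` stands in for the authorization code the server just issued.
    """
    if not check(client_id, redirect_uri):
        return None
    # Append the code as a query parameter, respecting an existing query string.
    sep = "&" if urlsplit(redirect_uri).query else "?"
    return f"{redirect_uri}{sep}code={code}"


if __name__ == "__main__":
    # Constructed candidate: the legitimate callback, plus an open-redirect
    # style variant that adds a 'next' parameter on the same host.
    legit = "https://companyx.com/callback"
    via_open_redirect = "https://companyx.com/callback?next=https://evil.example/"
    for uri in (legit, via_open_redirect):
        print(uri)
        print("  weak  :", authorize("companyx", uri, "SAMPLECODE", check=weak_prefix_match))
        print("  strict:", authorize("companyx", uri, "SAMPLECODE"))
```

Running the block shows the weak check sending the browser to `https://companyx.com/callback?next=https://evil.example/&code=SAMPLECODE`, where any open redirect in the callback handler would carry the code onward, while the strict check refuses the same URI outright. On the client side, the `state` parameter and (for public clients) PKCE reduce what a leaked code is worth, but neither replaces exact redirect_uri matching at the authorization server.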