Day 27/100 Hack and Improvement

less than 1 minute read

Day 27 comes with a pretty interesting attack called “Pixel that steals your data” and Vulnerability chaining such as Open Redirect and OAuth misconfiguration.

Pixel that steals your data

From Rajesh Ranjan. Today I found some amazing writeup, by which you can Steal some sensitive info of the Victims using the service called IP logger. Checkout the writeup here

OAuth and Open redirect

From Sam (CoffeeJunkie). Open redirect is one of my favorites vulnerabilities because it looks so simple, but if the escalation is possible, it can lead to other great vulnerabilities. I wanted to bring couple examples of OAuth misconfiguration and Open redirect.

Open redirection in OAuth

The attacker saw the chance to achieve different kind of ways to redirect an OAuth app to an attacker’s app. In that way the attacker can be able to steal credentials or even obtain account take overs.

Takeaways

Take in mind the error messages and parameters in the OAuth application.

Full Account Takeover via Referer Header (OAuth token Steal, Open Redirect Vulnerability Chaining)

The attacker was able to obtain full account take over due to the uri redirect parameter and the referer header which contains the address of a previous page. If the sever will redirect to the attacker’s server, the attacker will obtain the address from the referer which contains the OAuth token being transmitted in the GET request.

Leave a comment