Day 27 covers an interesting attack called “Pixel that steals your data” and vulnerability chaining, such as combining Open Redirect with OAuth misconfiguration.
Pixel that steals your data
OAuth and Open redirect
From Sam (CoffeeJunkie). Open redirect is one of my favorite vulnerabilities because it looks so simple, but if escalation is possible, it can lead to other great vulnerabilities. I wanted to bring a couple of examples of OAuth misconfiguration and Open redirect.
The attacker found several ways to redirect an OAuth app to an attacker’s app. That way the attacker can steal credentials or even achieve account takeover.
Keep in mind the error messages and parameters in the OAuth application.
The attacker was able to obtain full account takeover due to the URI redirect parameter and the Referer header, which contains the address of the previous page. If the server redirects to the attacker’s server, the attacker obtains the address from the Referer, which contains the OAuth token transmitted in the GET request.
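The checks that close this chain on the server side, as an added example that is not code from the original write-up: exact-match validation of the redirect URI, a relative-path-only rule for the app's own post-login redirect, and response headers that keep the callback URL out of the Referer. The client id, callback URL and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample registration (assumption): one client, one exact callback.
REGISTERED_CALLBACKS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}


def is_allowed_redirect(client_id: str, redirect_uri: str) -> bool:
    """Accept redirect_uri only on an exact string match with a registered callback.

    No prefix, suffix, wildcard or "same domain" matching: each of those
    lets a lookalike host or an open-redirect endpoint slip through.
    """
    if redirect_uri not in REGISTERED_CALLBACKS.get(client_id, set()):
        return False
    parts = urlsplit(redirect_uri)
    # Defence in depth against a sloppy registration: https, no userinfo, no fragment.
    return (parts.scheme == "https" and parts.username is None
            and parts.password is None and not parts.fragment)


def is_safe_local_redirect(target: str) -> bool:
    """Validate the application's own post-login redirect target.

    Only same-site relative paths pass, so this endpoint cannot act as the
    open redirect that forwards a user (and a Referer) to another origin.
    """
    if not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False  # backslashes and control characters are normalised by browsers
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def callback_response_headers() -> dict:
    """Headers for the page that receives the OAuth response.

    Referrer-Policy stops the callback URL, including anything in its query
    string, from being sent in the Referer of later navigations.
    """
    return {"Referrer-Policy": "no-referrer", "Cache-Control": "no-store"}


if __name__ == "__main__":
    print(is_allowed_redirect("client-123", "https://app.example.com/oauth/callback"))
    print(is_safe_local_redirect("/dashboard"))
    print(callback_response_headers())
```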