Account hijacking chaining abnormal flows in OAuth combined with URL-leaking gadgets
Intentionally triggering abnormal flows in "Sign-in" functionality that uses OAuth, combined with various third-party JavaScript gadgets, allows vulnerable scenarios where authorization credentials could leak to an attacker, even without XSS. Frans Rosén, Security Advisor at Detectify, goes through different scenarios found in the wild and shows examples and methodologies used to find and exploit these attack chains, which also affect some of the larger and more popular bug bounty programs out there.
Frans Rosén is a tech entrepreneur, bug bounty hunter and a Security Advisor at Detectify. He's a frequent blogger at Detectify Labs and a top-ranked participant in bug bounty programs.