Account hijacking chaining abnormal flows in OAuth combined with URL-leaking gadgets

Intentionally triggering abnormal flows in "Sign-in"-functionality using OAuth, combined with various third-party javascript gadgets allows vulnerable scenarios where authorization credentials could leak to an attacker – even without XSS. Frans Rosén, Security Advisor at Detectify goes through different scenarios found in the wild and shows examples and methodologies used to find and exploit these attack chains also affecting some of the larger and more popular bug bounty programs out there.