
Oauth Oidc

Web cheatsheet — Web application enumeration and exploitation techniques.

Overview

OAuth 2.0 / OIDC attacks target misconfigurations in the authorization frameworks. Common issues include CSRF on the redirect URI, code leakage, insufficient redirect URI validation, and token interception.

These attacks can lead to account takeover, authorization code interception, and privilege escalation.

Category: Web (Web application enumeration and exploitation techniques)

Key Commands & Payloads

The following commands and payloads are commonly used when testing for or exploiting OAuth/OIDC misconfigurations:

https://app.com/oauth/callback?redirect_uri=https://attacker.com/
https://app.com/oauth/authorize?redirect_uri=https://app.com/redirect?url=https://attacker.com/
(Remove the state parameter from the authorization request to test whether the CSRF protection can be bypassed)

Tools & Techniques

Recommended checks when testing OAuth/OIDC implementations:

  • Test redirect_uri validation with open redirects and path traversals
  • Check for missing state parameter (CSRF vulnerability)
  • Test for code leakage through Referer headers
  • Verify proper token scope enforcement
  • Check client secret exposure in frontend code

Prevention & Mitigation

Security recommendations to prevent OAuth/OIDC attacks:

  • Always validate redirect_uri against a strict allowlist
  • Use the state parameter with a cryptographically random nonce tied to the user's session
  • Use PKCE (Proof Key for Code Exchange) for public clients
  • Set short expiration times for authorization codes
  • Validate token scopes on the resource server
  • Never expose client secrets in frontend code
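The following Python module is an added example, not code from the original cheatsheet, that puts the mitigation list above into working form and shows why the redirect_uri payloads in "Key Commands & Payloads" succeed against a weak check: it contrasts a flawed origin-prefix redirect_uri check with a strict exact-match allowlist, mints a state nonce and an S256 PKCE pair (RFC 7636) on the client, and rejects callbacks with a missing or mismatched state. The client id "app-web", the authorization server host auth.example and the allowlist contents are constructed for the example; only https://app.com/oauth/callback comes from the page.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse

# Constructed client registration: in practice this comes from the authorization
# server's client database. Client id "app-web" is hypothetical.
ALLOWED_REDIRECT_URIS = {
    "app-web": {"https://app.com/oauth/callback"},
}


def redirect_uri_is_allowed_weak(client_id, redirect_uri):
    """Flawed check: accepts any URL on the registered origin, so a path that
    hosts an open redirect (https://app.com/redirect?url=https://attacker.com/)
    passes and the code is forwarded off-site."""
    for registered in ALLOWED_REDIRECT_URIS.get(client_id, ()):
        parsed = urlparse(registered)
        if redirect_uri.startswith(f"{parsed.scheme}://{parsed.netloc}/"):
            return True
    return False


def redirect_uri_is_allowed(client_id, redirect_uri):
    """Strict check: exact string match against the registered allowlist."""
    return redirect_uri in ALLOWED_REDIRECT_URIS.get(client_id, set())


def pkce_challenge(verifier):
    """S256 transform from RFC 7636: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    # 64 random bytes -> 86 base64url chars, inside the 43..128 range RFC 7636 allows
    verifier = secrets.token_urlsafe(64)
    return verifier, pkce_challenge(verifier)


def build_authorization_request(session, client_id, redirect_uri, scope):
    """Client side: mint state and PKCE verifier, keep them in the user's
    session, and return the authorize URL (auth.example is an assumed host)."""
    state = secrets.token_urlsafe(32)
    verifier, challenge = make_pkce_pair()
    session["oauth_state"] = state
    session["pkce_verifier"] = verifier
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return "https://auth.example/oauth/authorize?" + urlencode(params)


def handle_callback(session, params):
    """Client side: refuse callbacks whose state is absent or does not match the
    session (the CSRF check), then hand back the code and the PKCE verifier."""
    expected = session.pop("oauth_state", None)
    received = params.get("state")
    if not expected or not received or not hmac.compare_digest(expected, received):
        raise ValueError("state missing or mismatched: possible login CSRF")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    verifier = session.pop("pkce_verifier", None)
    if verifier is None:
        raise ValueError("no PKCE verifier stored for this session")
    return params["code"], verifier


def authorize_request_ok(client_id, params):
    """Authorization-server side policy for public clients: exact redirect_uri
    match, state present, and S256 PKCE required."""
    return (
        redirect_uri_is_allowed(client_id, params.get("redirect_uri", ""))
        and bool(params.get("state"))
        and params.get("code_challenge_method") == "S256"
        and bool(params.get("code_challenge"))
    )


def verify_pkce(stored_challenge, verifier):
    """Authorization-server side, at the token endpoint: the verifier must hash
    to the challenge recorded with the authorization code."""
    return hmac.compare_digest(pkce_challenge(verifier), stored_challenge)


if __name__ == "__main__":
    session = {}
    url = build_authorization_request(session, "app-web", "https://app.com/oauth/callback", "openid profile")
    print(url)
    nested = "https://app.com/redirect?url=https://attacker.com/"
    print("weak check accepts nested redirect:", redirect_uri_is_allowed_weak("app-web", nested))
    print("strict check accepts nested redirect:", redirect_uri_is_allowed("app-web", nested))
```

The weak and strict functions take the same input so the two payloads from the cheatsheet can be fed to both: the bare attacker origin fails both checks, but the nested open-redirect form passes the prefix check and only the exact-match allowlist stops it. `hmac.compare_digest` is used for the state and PKCE comparisons so the checks do not leak timing information.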
