This content originally appeared on DEV Community and was authored by Blue Byte
One of the most basic bugs in insecure OAuth 2.0 implementations is the ability to redirect users to an attacker-controlled server, delivering their authentication tokens to it along with the redirect.
Those who are more familiar with OAuth will know that OAuth requests carry several parameters, each with a specific function. If the configuration is insecure, the redirect_uri parameter can be manipulated and assigned arbitrary values. A common defense is to validate whether the URI begins with the legitimate domain's URL. However, an attacker only needs to register a domain that begins with that domain name to bypass this validation.
https://accounts.redacted.com/api/auth?response_type=code&redirect_uri=http%3A%2F%2Fredacted.comattacker.com%2Fapi%2Fauth%2Fcallback&state=REDACTED&client_id=REDACTED&filter_callback=
To mitigate this vulnerability, the best approach is to validate the redirect_uri parameter completely, rather than only checking whether it starts with a specific term.
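As an added illustration (not code from the original post), the following Python places the prefix check the post describes next to an exact match against a per-client registry of redirect URIs, and runs both over the post's own request with its REDACTED placeholders kept. The registry contents, the client id and the function names are assumptions for the example; the server-side decision on a mismatch (render an error locally, never redirect) follows RFC 6749.

```python
from urllib.parse import parse_qs, urlparse

# Constructed registry (assumption for this example): each client_id maps to
# the exact redirect URIs it registered at onboarding. The values are
# placeholders taken from the redacted request in the post, not real ones.
REGISTERED_CLIENTS = {
    "REDACTED": {"http://redacted.com/api/auth/callback"},
}

LEGITIMATE_ORIGIN = "http://redacted.com"


def weak_prefix_check(redirect_uri: str) -> bool:
    """The flawed check described in the post: accept any redirect_uri that
    merely begins with the legitimate domain's URL."""
    return redirect_uri.startswith(LEGITIMATE_ORIGIN)


def strict_exact_match(client_id: str, redirect_uri: str) -> bool:
    """Hardened check: the supplied redirect_uri must be byte-for-byte equal
    to one of the URIs registered for this client_id. No prefix, suffix,
    subdomain or path-traversal variant can satisfy this."""
    return redirect_uri in REGISTERED_CLIENTS.get(client_id, set())


def extract_params(authorization_url: str) -> dict:
    """Pull client_id and the percent-decoded redirect_uri out of an
    authorization request URL, as the server would before validating."""
    query = parse_qs(urlparse(authorization_url).query)
    return {
        "client_id": query.get("client_id", [""])[0],
        "redirect_uri": query.get("redirect_uri", [""])[0],
    }


def authorize(authorization_url: str) -> str:
    """Decide where (if anywhere) the server may send the user.
    Returns 'REDIRECT' when the URI is registered, otherwise 'ERROR_PAGE':
    on a mismatch the server shows an error itself and must not redirect
    to the supplied URI at all."""
    params = extract_params(authorization_url)
    if strict_exact_match(params["client_id"], params["redirect_uri"]):
        return "REDIRECT"
    return "ERROR_PAGE"


# The request from the post (REDACTED values kept as placeholders).
ATTACK_URL = (
    "https://accounts.redacted.com/api/auth?response_type=code"
    "&redirect_uri=http%3A%2F%2Fredacted.comattacker.com%2Fapi%2Fauth%2Fcallback"
    "&state=REDACTED&client_id=REDACTED&filter_callback="
)

if __name__ == "__main__":
    uri = extract_params(ATTACK_URL)["redirect_uri"]
    print("decoded redirect_uri:", uri)
    print("weak prefix check accepts it:", weak_prefix_check(uri))               # True
    print("exact-match check accepts it:", strict_exact_match("REDACTED", uri))  # False
    print("server decision:", authorize(ATTACK_URL))                             # ERROR_PAGE
```

The decision in authorize() deliberately returns a local error page rather than redirecting to the unregistered URI, because redirecting "back" to whatever was supplied is exactly the open redirect the post describes. Keying the registry on client_id also stops one client's registered URI from being reused with another client's id.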
Blue Byte | Sciencx (2025-02-19T22:28:28+00:00) Easy Bug: Open-Redirect on OAuth 2.0 redirect_uri param. Retrieved from https://www.scien.cx/2025/02/19/easy-bug-open-redirect-on-oauth-2-0-redirect_uri-param/
