Lab to understand OAuth v2 vulnerabilities and attack techniques.
Base implementation of OAuth v2 and this is the base environment of excercise. You can access from here.
This is exercises where you can learn various vulnerabilities that occur in OAuth implementations and how to exploit them.
| exercise | vulnerability |
|---|---|
| ex1 | CSRF |
| ex2 | Open redirect |
| ex3 | Host header injection |
| ex4 | Scope upgrade |
| ex5 | XSS + Directory traversal |
| ex6 | HTML injection + Directory traversal |
| ex7 | Scope upgrade: abusing re-release tokens |
| ex8 | Race condition in authorization code |
| ex9 | XSS + Weak user validation |
Imprementing other excercises...