Exploiting OAuth for fun and profit
Now that we've learned about different OAuth mechanisms, let's go straight to exploitation techniques.
Open redirect – the malformed URL
Let's say we're running a phishing or client-side browser exploitation exercise as part of a penetration test engagement for an organization. Our exploit page is located at http://exploit.example.com/ and the organization's users really trust some known websites. In this example, we consider a trusted website to be
Simply speaking, if we give the exploit link directly to the users, they may not click it, but a www.trusted.com link will have a better chance of getting a hit. That's what open redirect is all about; redirecting the user from
exploit.example.com will perform ...
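A redirect-target check that a site such as www.trusted.com could apply so that its links cannot be used this way, shown beside a weak substring check. This is an added example, not code from the original text; the function names and the allowlist are assumptions, and the sample URLs in the comments are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only external host this site is allowed to redirect to.
ALLOWED_HOSTS = {"www.trusted.com"}


def naive_check(target: str) -> bool:
    """Weak check: passes any URL that merely contains the trusted name."""
    return "www.trusted.com" in target


def is_safe_redirect(target: str, allowed_hosts=frozenset(ALLOWED_HOSTS)) -> bool:
    """Accept same-site absolute paths or http(s) URLs on an allowlisted host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and silently drop control characters,
    # so a URL carrying either may not go where a parser thinks it goes.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        _ = parts.port  # raises ValueError when the port is malformed
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: allow "/path" but not scheme-relative "//host".
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # Reject userinfo such as "www.trusted.com@other-host".
    if parts.username is not None or parts.password is not None:
        return False
    # Exact host match; suffix or substring matches are not enough.
    return parts.hostname in allowed_hosts


if __name__ == "__main__":
    # Constructed sample inputs.
    for url in ("/account/home",
                "https://www.trusted.com/login",
                "http://exploit.example.com/",
                "//exploit.example.com/",
                "https://www.trusted.com@exploit.example.com/",
                "https://www.trusted.com.exploit.example.com/"):
        print(f"{url!r}: naive={naive_check(url)} strict={is_safe_redirect(url)}")
```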