December 23, 2020

In this article we explain the OAuth 2.0 authentication vulnerability (you may also see it called an OAuth 2.0 authorization vulnerability). You may be hearing about it for the first time.

OAuth 2.0 authentication vulnerabilities are not discussed much, and you will not find many articles or videos about them on YouTube or Google, so not everyone knows about them.

Here we explain the OAuth 2.0 authentication vulnerability in detail and also walk through the OAuth 2.0 authentication labs.

One thing to clear up first: until recently PortSwigger did not have labs for OAuth 2.0 authentication vulnerabilities, but now it does.

Note – This article is for educational purposes only. Don't misuse your knowledge and skills.

What is an OAuth 2.0 authentication vulnerability?

Before getting practical with OAuth 2.0 authentication vulnerabilities, you should know what they are. This is an interesting topic.

As we know, almost all kinds of websites offer the option to log in with a social media account; you must have seen "Login with Gmail" or "Login with Facebook" many times.


If that feature is built with OAuth 2.0 and the web developer made a mistake in the implementation, there is a chance that an attacker can access normal users' accounts.

Let's try to understand it with an example. Say there is a website you want to bug-hunt on, and it offers the option to log in with Gmail or Facebook.


In that situation you can try to find an OAuth 2.0 authentication vulnerability on that website. Such flaws can also be used for CSRF or SSRF attacks, which we have already covered in detail.


Here the user gets access to the website upon login: the website gives the normal user permission to use its features without a separate username and password.

https://portswigger.net/web-security/oauth

OAuth 2.0 authentication vulnerability labs

Now let us explain by solving its labs; when you solve them yourself you understand how this bug works on a website. First you have to run Burp Suite.

https://portswigger.net/web-security/oauth/lab-oauth-authentication-bypass-via-oauth-implicit-flow


After that, you have to access the lab. How Burp Suite is normally run was covered in an earlier article; if you have not read our articles, you can read them too.


After accessing the lab, first of all you have to log in. The login details are given with the lab, as you can see in the image; here you have to log in with social media.


After logging in, a URL shows up in the HTTP history in Burp Suite, which we have to use, as you can see in the image; you will see something similar after login.

You also get another URL here, as you can see in the image. You have to log in properly, only then does the URL show up in Burp Suite like this.


As you can see in the image, you have to send the authenticate request to Repeater; in that request you can see the email of the logged-in account.

Here we have to change the email in the request to carlos's email and send it. If you get a successful response, you can say you have got access to the carlos account and the lab has been solved.


After that, right-click on the request and choose the "Request in browser" option. You get a URL like this; copy and paste it into the browser.


Here you will see that you are logged in as the carlos user and the lab has been solved, as you can see in the image; a congratulations message is also shown.
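The server-side mistake this lab demonstrates, as an added Python model (not the lab's own code; the endpoint shape, user names, tokens and carlos's email address are assumed): the vulnerable handler trusts the email the client posted, while the fixed handler derives the identity only from what the OAuth provider says about the token.

```python
# Added example (not the lab's real code): the client-side app POSTs
# {email, username, token} to /authenticate and the server logs the user in
# based on the email without asking the provider whom the token belongs to.

# Constructed stand-in for the OAuth provider's /userinfo endpoint:
# access_token -> the identity the provider actually issued it for.
PROVIDER_TOKENS = {
    "tok-attacker-1234": {"username": "attacker", "email": "attacker@example.com"},
}

def provider_userinfo(token):
    """Return the identity bound to token, or None if the provider rejects it."""
    return PROVIDER_TOKENS.get(token)

def authenticate_vulnerable(body):
    """Vulnerable pattern: any non-empty token is enough, and the account is
    chosen from the client-supplied email (this is what the lab exploits)."""
    if not body.get("token"):
        return None
    return {"logged_in_as": body["email"]}

def authenticate_fixed(body):
    """Hardened: identity comes only from the provider's answer for the token.
    A client-supplied email is accepted only if it matches that identity."""
    info = provider_userinfo(body.get("token", ""))
    if info is None:
        return None
    if body.get("email", info["email"]) != info["email"]:
        return None  # tampered request: token and email disagree
    return {"logged_in_as": info["email"]}

# Constructed requests: the attacker's own valid token, once with its real
# email and once with the victim's email swapped in (carlos's address is made up).
LEGIT = {"email": "attacker@example.com", "username": "attacker", "token": "tok-attacker-1234"}
TAMPERED = {"email": "carlos@example.com", "username": "carlos", "token": "tok-attacker-1234"}

if __name__ == "__main__":
    print("vulnerable:", authenticate_vulnerable(TAMPERED))  # logs in as carlos
    print("fixed:", authenticate_fixed(TAMPERED))            # None: rejected
```

The same check applies to any field the client sends alongside the token: the provider's response for the token is the only trustworthy source of who the user is.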

https://portswigger.net/web-security/oauth/lab-oauth-forced-oauth-profile-linking


In the same way you can solve its other lab. Just as we accessed the earlier lab, here too you have to run Burp Suite first and then access the lab.


After accessing the lab you get two options, as you can see in the image: login with social media and a normal login. Here you have to use the normal login first.


After the normal login you get the option to attach a social media account, as you can see in the image. You see this on many real websites too; here you have to attach the social media account.


As you can see in the image, you have to attach the social media account here; all the login information is given with the lab, so do not get confused.

After that you will see that when you log out of your account and log in again with social media, you are automatically logged in to your account.

After that you get the URL in the HTTP history in Burp Suite, as you can see in the image. The lab tells you to capture the request live.


But when we solved this lab, we did not get the response code on live capture, so we used Repeater, although the lab does not say the request has to be sent to Repeater.

So we sent the request to Repeater and forwarded it without making any change; in the response we got the response code, as you can see in the image.

After that you have to go to the exploit server and set the iframe in this way. If you do not get this code by capturing live, use Repeater instead.

Then deliver the exploit to the victim. After that, log out again, and after logging out, log in with social media.

Now you will be able to see the admin panel, as you can see in the image, which was not showing before. Click on the admin panel.


Here the users are shown; delete the carlos user and the lab is solved. There are more labs, which you can solve by yourself.

Just as you have to delete the carlos user in this lab, you have to delete the carlos user in the other OAuth 2.0 authentication labs as well, but the method is different.

As you can see in the image, after all this you get a congratulations message, just like on solving any other lab.
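Why the iframe on the exploit server works, and the standard fix, as an added Python model (not the lab's code; session ids, user names, codes and the "social profile" identifiers are constructed): the "attach social media" callback accepts any authorization code from any logged-in browser, so the admin's browser loading the attacker's callback URL links the attacker's profile to the admin account. Binding the callback to a per-session state value, as the OAuth 2.0 `state` parameter is meant to do, makes the framed request fail.

```python
# Added example (not the lab's code): the forced-profile-linking bug modelled
# as a tiny linking flow, once without and once with a session-bound state.
import hmac
import secrets

# Constructed stand-in for exchanging an authorization code with the provider.
CODES = {"code-attacker": "social:attacker"}

class LinkingFlow:
    def __init__(self):
        self.sessions = {}  # session_id -> {"user": ..., "oauth_state": ...}
        self.links = {}     # social profile -> site account it logs in to

    def start_link(self, session_id, user):
        """User clicks 'attach social media': mint a state and remember it."""
        state = secrets.token_urlsafe(32)
        self.sessions[session_id] = {"user": user, "oauth_state": state}
        return state  # would be sent to the provider as &state=...

    def callback_vulnerable(self, session_id, code):
        """No state check: whichever session loads the URL gets the link."""
        user = self.sessions[session_id]["user"]
        self.links[CODES[code]] = user
        return True

    def callback_fixed(self, session_id, code, state):
        """Only accept the callback for the session that started the flow."""
        sess = self.sessions.get(session_id)
        expected = sess.get("oauth_state") if sess else None
        if not expected or not state or not hmac.compare_digest(expected, state):
            return False
        sess["oauth_state"] = None  # single use
        self.links[CODES[code]] = sess["user"]
        return True

def simulate(fixed):
    """Attacker frames their own callback URL; the admin's browser loads it.
    Returns the account the attacker's social login now maps to (None = none)."""
    app = LinkingFlow()
    app.sessions["sess-admin"] = {"user": "administrator", "oauth_state": None}
    attacker_state = app.start_link("sess-attacker", "attacker")  # yields code-attacker
    if fixed:
        # the framed URL carries the attacker's state, which the admin session never issued
        app.callback_fixed("sess-admin", "code-attacker", attacker_state)
    else:
        app.callback_vulnerable("sess-admin", "code-attacker")
    return app.links.get("social:attacker")
```

`simulate(False)` returns "administrator", which is exactly the admin-panel access the lab shows; `simulate(True)` returns None because the state does not belong to the admin's session.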

The Conclusion

I hope you now understand the OAuth 2.0 authentication vulnerability. We have explained it here by solving two OAuth 2.0 authentication labs.

There are more OAuth 2.0 authentication labs which you can solve yourself, and as mentioned, we had a problem while solving one of the labs here.

We solved that lab by obtaining the response code in another way. You will run into problems like this in all kinds of attacks, and if you have the knowledge, you can solve them easily.

If you have any kind of problem solving the OAuth 2.0 authentication labs, you can ask in the comments. There is little to get stuck on in these labs, because they have already been added to the site.

If you liked this article on the OAuth 2.0 authentication vulnerability, please share it. We have shown everything practically here, just as you would find bugs on a real website.
