Leakage of third-party OAuth token via redirect
Description: The application lets users store files with third-party services such as Google Drive, GitHub and GitLab via OAuth. The validation applied to the redirect parameter of the OAuth flow can be bypassed, so the user, together with the OAuth token for the third-party service, can be redirected to an attacker-controlled site, leaking the token. Proof of Concept: 1. An attacker...
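The listing above shows only that the redirect parameter's check was bypassable; the actual bypass is cut off. The following is an added example, not code from the report or the affected application, that contrasts an assumed prefix-based redirect check (a common pattern, assumed here, not the application's real check) with a validator that parses the URL and compares the host against an allowlist. The host `app.example.com` and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed: the only host that should ever receive the OAuth callback redirect.
ALLOWED_HOSTS = {"app.example.com"}


def vulnerable_is_safe_redirect(url: str) -> bool:
    """Assumed weak check: a string prefix test on the expected origin.

    Anything that merely starts with the origin text passes, so hosts such as
    app.example.com.attacker.com or userinfo tricks like app.example.com@attacker.com
    are accepted and the token-bearing redirect lands on the attacker's host.
    """
    return url.startswith("https://app.example.com")


def hardened_is_safe_redirect(url: str) -> bool:
    """Parse the URL and accept only an exact allowlisted https host."""
    # Browsers treat a backslash as a path separator; reject it outright rather
    # than rely on the parser agreeing with the browser.
    if "\\" in url:
        return False
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return False
    # Credentials in the authority are a classic way to smuggle a different host.
    if parsed.username is not None or parsed.password is not None:
        return False
    host = parsed.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return False
    if parsed.port not in (None, 443):
        return False
    return True


def choose_redirect(requested: str, fallback: str = "https://app.example.com/") -> str:
    """Return the requested target only if it passes the hardened check, else a safe default."""
    return requested if hardened_is_safe_redirect(requested) else fallback


if __name__ == "__main__":
    # Constructed sample inputs: two bypass shapes and one legitimate callback.
    for candidate in (
        "https://app.example.com.attacker.example/cb",
        "https://app.example.com@attacker.example/cb",
        "https://app.example.com/oauth/callback?state=abc",
    ):
        print(candidate, vulnerable_is_safe_redirect(candidate), hardened_is_safe_redirect(candidate))
```

The allowlist comparison must be on the parsed hostname, never on the raw string; the `choose_redirect` helper shows the usual safe fallback of sending the user to a fixed first-party page when the requested target fails validation.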
Notes on an interesting bug hunt in the Twitter Periscope API - Vulnerability Alert - Black Bar Security Net
Recently I found a vulnerability in Twitter's Periscope service. It is a CSRF (cross-site request forgery) vulnerability; although it is not considered a high-risk vulnerability, I think the whole process of finding it is well worth sharing with you. Jus...