{"id":27859778,"url":"https://github.com/melonattacker/oauth-exploit-lab","last_synced_at":"2025-05-04T17:07:42.627Z","repository":{"id":58309770,"uuid":"528834362","full_name":"melonattacker/oauth-exploit-lab","owner":"melonattacker","description":"Lab to understand OAuth v2 vulnerabilities and attack techniques.","archived":false,"fork":false,"pushed_at":"2022-11-20T15:37:01.000Z","size":88,"stargazers_count":8,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-04T17:07:24.177Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/melonattacker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-08-25T12:10:15.000Z","updated_at":"2025-01-24T12:47:22.000Z","dependencies_parsed_at":"2023-01-22T14:30:44.519Z","dependency_job_id":null,"html_url":"https://github.com/melonattacker/oauth-exploit-lab","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foauth-exploit-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foauth-exploit-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foauth-exploit-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/melonattacker%2Foauth-exploit-lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/melonattacker","download_url":"https://codeload.github.com/melonattacker/oauth-exploit-lab/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252369014,"owners_count":21736878,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-04T17:07:41.925Z","updated_at":"2025-05-04T17:07:42.604Z","avatar_url":"https://github.com/melonattacker.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# oauth-exploit-lab\nLab to understand OAuth v2 vulnerabilities and attack techniques.\n\n## Base environment\nBase implementation of OAuth v2 and this is the base environment of excercise. You can access from [here](./base).\n\n## Exercise\nThis is exercises where you can learn various vulnerabilities that occur in OAuth implementations and how to exploit them.\n\n| exercise | vulnerability | \n| ---- | ---- |\n| [ex1](./exercise/ex1) | CSRF | \n| [ex2](./exercise/ex2) | Open redirect | \n| [ex3](./exercise/ex3) | Host header injection | \n| [ex4](./exercise/ex4) | Scope upgrade | \n| [ex5](./exercise/ex5) | XSS + Directory traversal | \n| [ex6](./exercise/ex6) | HTML injection + Directory traversal | \n| [ex7](./exercise/ex7) | Scope upgrade: abusing re-release tokens | \n| [ex8](./exercise/ex8) | Race condition in authorization code | \n| [ex9](./exercise/ex9) | XSS + Weak user validation | \n\nImprementing other excercises...\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmelonattacker%2Foauth-exploit-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmelonattacker%2Foauth-exploit-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmelonattacker%2Foauth-exploit-lab/lists"}