https://github.com/melonattacker/oauth-exploit-lab


# oauth-exploit-lab
Lab to understand OAuth v2 vulnerabilities and attack techniques.

## Base environment
A base implementation of OAuth v2 that serves as the base environment for the exercises. You can access it [here](./base).

## Exercise
These exercises let you learn about various vulnerabilities that occur in OAuth implementations and how to exploit them.

| exercise | vulnerability |
| ---- | ---- |
| [ex1](./exercise/ex1) | CSRF |
| [ex2](./exercise/ex2) | Open redirect |
| [ex3](./exercise/ex3) | Host header injection |
| [ex4](./exercise/ex4) | Scope upgrade |
| [ex5](./exercise/ex5) | XSS + Directory traversal |
| [ex6](./exercise/ex6) | HTML injection + Directory traversal |
| [ex7](./exercise/ex7) | Scope upgrade: abusing re-release tokens |
| [ex8](./exercise/ex8) | Race condition in authorization code |
| [ex9](./exercise/ex9) | XSS + Weak user validation |

Implementing other exercises...