Leaking OpenID tokens with “ — the bug right in front of you

Sean (zseano)
May 21 · 3 min read

The Login flow

So, on with the bug. When logging into redacted.com, the site used an OpenID system which works exactly the same as an OAuth login flow: it takes a redirectURL and will redirect to that URL upon a successful login. Along with the redirect a token is sent, and as a hacker, I want this token!
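One way a login endpoint can constrain the redirectURL described above, as an added example (not code from the original post or from the affected site): exact-match validation against registered callbacks, with unsafe characters rejected before parsing. The allowlist entry and sample host are constructed placeholders, and `validateRedirect` is a hypothetical name.

```javascript
// Added example: exact-match validation of a login redirect target.
// ALLOWED_REDIRECTS and its entry are constructed for illustration.
const ALLOWED_REDIRECTS = new Set([
  "https://app.example.test/login/callback",
]);

// Characters permitted by RFC 3986 (unreserved, reserved, and "%").
const URL_SAFE = /^[A-Za-z0-9\-._~:\/?#\[\]@!$&'()*+,;=%]+$/;

function validateRedirect(redirectURL, allowed = ALLOWED_REDIRECTS) {
  if (typeof redirectURL !== "string" || redirectURL.length === 0) {
    return { ok: false, reason: "missing" };
  }
  // Reject before parsing: double quotes, typographic quotes, backslashes,
  // whitespace, control and non-ASCII characters are handled differently
  // by different URL parsers, so they never reach the comparison step.
  if (!URL_SAFE.test(redirectURL)) {
    return { ok: false, reason: "illegal-character" };
  }
  let url;
  try {
    url = new URL(redirectURL); // absolute URLs only; relative input throws
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  if (url.hash) return { ok: false, reason: "fragment" };
  // Compare origin + path exactly; no prefix, suffix or substring matching.
  const target = url.origin + url.pathname;
  if (!allowed.has(target)) return { ok: false, reason: "not-registered" };
  // Return the parsed, normalized form so the redirect uses what was checked.
  return { ok: true, target: url.href };
}
```

The token should only ever be appended to the returned `target`, never to the raw input string.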

Takeaways

There is no right or wrong answer when it comes to hacking. Unless you try, how will you know? I find the majority of my bugs from manually interacting with features and trying to break them, and the beauty of hacking is: you can try anything! Literally anything (within reason of course…!)

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. #sharingiscaring

Sean (zseano)

Written by

UK WebApp Security Researcher. Creator of https://www.bugbountynotes.com/ — designed to help people learn and get involved with hacking.
