Right, that's one way to steal data out of the redirect even if ... • Aaron Parecki

45°F

alianora https://cybre.space/@nightpool • May 2
@aaronpk you linked to "Insufficient Redirect URI Validation" though? maybe i'm just confused about what you were talking about.

Right, that's one way to steal data out of the redirect even if the browser is doing everything right.

The attacker creates a redirect url at the hostname of the real app but uses an endpoint on the app that can then redirect to the attackers app. Chaining the redirects using an open redirector.

San Jose, California • 49°F

Thu, May 2, 2019 4:30pm -07:00

1 reply
Have you written a response to this? Let me know the URL:
- alianora cybre.space/@nightpool
  
  @aaronpk Yep, but in that case the attacker controls the redirect uri right? how can the attacker control the redirect uri without also controlling the pkce secret?
  
  Thu, May 2, 2019 11:33pm +00:00

Posted in /replies using monocle.p3k.io