The main threat is token scanning attacks, but there isn't much ... • Aaron Parecki

59°F

Huzaifa Muhammad https://twitter.com/huzayyfah • Dec 23
In situations where introspection endpoint is left open and un-throttled, how can a researcher exploit such vulnerability ? I could not find such stuff with google search.

The main threat is token scanning attacks, but there isn't much difference between scanning the introspection endpoint or a resource server at that point. That said, the introspection endpoint is supposed to require authentication according to https://tools.ietf.org/html/rfc7662#section-4

Portland, Oregon • 41°F

Wed, Dec 23, 2020 11:33am -08:00

1 like 2 replies
- Huzaifa Muhammad
Have you written a response to this? Let me know the URL:
- Huzaifa Muhammad twitter.com/huzayyfah
  
  Hi Aaron. I came across a client using redirect uri like this: redirect_uri=storageRelay//https:// And I was unable to see their auth code. Are they hiding their code?
  
  Wed, Dec 30, 2020 8:13am +00:00 (via brid-gy.appspot.com)
- Huzaifa Muhammad twitter.com/huzayyfah
  
  sometimes you need to craft a payload in an iframe so that when a victim clicks you get his leaked code. Do I need a server where I get notified that victim has clicked my malicious payload ? And any idea about how to build such a server ? I couldnt get that with a google search
  
  Fri, Dec 25, 2020 1:33pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using monocle.p3k.io