In situations where the introspection endpoint is left open and unthrottled, how can a researcher exploit such a vulnerability? I could not find such stuff with a Google search.
The main threat is token scanning attacks, but there isn't much difference between scanning the introspection endpoint or a resource server at that point. That said, the introspection endpoint is supposed to require authentication according to https://tools.ietf.org/html/rfc7662#section-4
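The token-scanning attack the answer above refers to, as an added example that is not part of the original thread. It models an RFC 7662 introspection endpoint in-process (no network) in two configurations: the one the question describes (no client authentication, no throttling) and a hardened one that requires client authentication, as section 4 of the RFC mandates, and caps requests per caller. The token values, the client credentials, the guess space and the request budget are all constructed for the example.

```python
"""Token scanning against an OAuth 2.0 introspection endpoint (RFC 7662).

Added example, not code from the thread. Everything below (tokens, the
"rs-api" client, the 100-request budget) is constructed for illustration.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: tokens the authorization server has issued.
ACTIVE_TOKENS = {
    "tok-000042": {"sub": "alice", "scope": "read"},
    "tok-001337": {"sub": "bob", "scope": "read write"},
}
# Constructed credentials of the one resource server allowed to introspect.
CLIENT_CREDENTIALS = {"rs-api": "s3cr3t"}


class Unauthorized(Exception):
    """Stands in for HTTP 401: no valid client credentials presented."""


class RateLimited(Exception):
    """Stands in for HTTP 429: caller exceeded its request budget."""


@dataclass
class IntrospectionEndpoint:
    require_client_auth: bool
    max_requests: Optional[int] = None  # None means unthrottled
    _counts: dict = field(default_factory=dict)

    def introspect(self, token, client_id=None, client_secret=None):
        """Return an RFC 7662 introspection response for `token`."""
        caller = client_id or "anonymous"
        if self.require_client_auth:
            expected = CLIENT_CREDENTIALS.get(client_id)
            if expected is None or not secrets.compare_digest(expected, client_secret or ""):
                raise Unauthorized
        if self.max_requests is not None:
            self._counts[caller] = self._counts.get(caller, 0) + 1
            if self._counts[caller] > self.max_requests:
                raise RateLimited
        info = ACTIVE_TOKENS.get(token)
        if info is None:
            return {"active": False}  # RFC 7662: inactive tokens get only "active": false
        return {"active": True, **info}


def scan_tokens(endpoint, candidates, client_id=None, client_secret=None):
    """Attacker side: submit every candidate and keep the ones confirmed active.

    Returns (found, outcome) with outcome one of 'complete', 'unauthorized'
    or 'rate_limited'. The same loop would work against a resource server
    that accepts bearer tokens, which is the answer's point: the endpoint
    only changes where the oracle lives.
    """
    found = {}
    for tok in candidates:
        try:
            resp = endpoint.introspect(tok, client_id, client_secret)
        except Unauthorized:
            return found, "unauthorized"
        except RateLimited:
            return found, "rate_limited"
        if resp["active"]:
            found[tok] = resp
    return found, "complete"


def candidate_space():
    """Constructed guess space matching the short sequential sample format."""
    return [f"tok-{i:06d}" for i in range(2000)]


def demo():
    # Weak configuration from the question: open and unthrottled.
    open_ep = IntrospectionEndpoint(require_client_auth=False)
    found_open, outcome_open = scan_tokens(open_ep, candidate_space())
    # Hardened: client authentication required (RFC 7662 section 4) plus a budget.
    hard_ep = IntrospectionEndpoint(require_client_auth=True, max_requests=100)
    found_anon, outcome_anon = scan_tokens(hard_ep, candidate_space())
    found_authed, outcome_authed = scan_tokens(hard_ep, candidate_space(), "rs-api", "s3cr3t")
    return {
        "open": (sorted(found_open), outcome_open),
        "hardened_anonymous": (sorted(found_anon), outcome_anon),
        "hardened_authenticated": (sorted(found_authed), outcome_authed),
    }


if __name__ == "__main__":
    for name, (tokens, outcome) in demo().items():
        print(f"{name}: found={tokens} outcome={outcome}")
```

The open endpoint confirms both sample tokens; the hardened one rejects the anonymous scan outright, and even a legitimate client that has been compromised gets only 100 guesses before it is cut off. Note that the rate limit alone is not a fix: the 42nd guess still lands inside the budget, which is why unguessable token length matters regardless of how the endpoint is protected.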
Sometimes you need to craft a payload in an iframe so that when a victim clicks, you get his leaked code. Do I need a server where I get notified that the victim has clicked my malicious payload? And any idea about how to build such a server? I couldn't get that with a Google search.