OAuth and PostMessage
Chaining misconfigurations for your access token.
TL;DR: An OAuth misconfiguration was discovered in the redirect_uri parameter of the target’s OAuth IdP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of the callback endpoint using the...