2 Videos for OAuth2: Predictable State

PTLAB

PRO

Tier

PTLAB

Hard

PTLAB

2-4 Hrs.

PTLAB

268

PTLAB

Authentication / Authorization Badge

Access to videos for this exercise is only available with PentesterLab PRO GOPRO

OAuth2 predictable state: Introduction

This video provides an introduction for the OAuth2 predictable state challenge

07:21

634

Source code

index.html


<script>
  window.addEventListener("message", function(event){
    check = new RegExp(".pentesterlab.com$");
    if (check.test(event.origin)) {
        do_something_sensitive();
    } else {
      return;
    }
  });
</script>

image of exercise OAuth2 Predictable State: Exploitation

Access to videos for this exercise is only available with PentesterLab PRO GOPRO

Spoiler

OAuth2 Predictable State: Exploitation

This video covers the exploitation of theOAuth2 Predictable State challenge

12:48

754