Misconfiguration OAuth Lead Account Takeover #Part 2

Galuh Muhammad Iman Akbar
2 min read · Mar 8, 2022

Assalamuallaikum Wr.Wb

Hello friends
A few days ago I wrote the article Misconfiguration OAuth Lead Account Takeover, part 1. This time I am writing another article with the same title, part 2. If you still haven’t read part 1, please read it here: Misconfiguration OAuth Lead Account Takeover #Part 1

Broadly speaking, part 1 and part 2 are almost the same; the difference in part 2 is that more parameters are taken from the OAuth flow and registered on the website.

Prepare the Burp Suite tool to intercept the traffic so that the request data can be modified.

After the tool is prepared, first click the menu to sign in with OAuth on the website.

After clicking, look very carefully at the data that is sent when using OAuth. In the case I found, I saw the following data.

It is known that when doing OAuth, some parameters are not protected, for example the email parameter, which the attacker can change to the victim’s email.
Then I looked for information on the website and found an email address belonging to the company, so I immediately tried to take over the account.

Then I just changed the email, which was originally pentester@gmail.com, to support@redacted.com, and as a result I managed to take over the account.
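The root cause described above is that the website takes the account email from the client-controlled callback request instead of from the identity the OAuth provider actually asserted. Below is an added example (not code from the original article or from the affected website) that puts a vulnerable callback handler beside a hardened one. The provider profile, the user store and the authorization code value are constructed so the example runs offline; the addresses pentester@gmail.com and support@redacted.com are the ones from the write-up.

```python
"""Constructed example: an OAuth callback that trusts a client-supplied email
(the misconfiguration in the article) next to a hardened version that derives
identity only from the provider's verified profile."""

from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Account:
    email: str
    linked_provider_sub: Optional[str] = None


# Constructed in-memory user store: email -> account record
USERS: Dict[str, Account] = {}
# Detection hook: callbacks whose body email disagreed with the provider email
MISMATCH_ALERTS: List[str] = []


def reset_store() -> None:
    """Seed the store with a hypothetical pre-existing company account."""
    USERS.clear()
    MISMATCH_ALERTS.clear()
    USERS["support@redacted.com"] = Account(email="support@redacted.com")


def fetch_provider_profile(code: str) -> dict:
    """Stand-in for exchanging the authorization code and calling the
    provider's userinfo endpoint. In real code this is a server-to-server
    HTTPS call; here the profile is constructed. The email it returns belongs
    to whoever actually authenticated at the provider (the tester's account)."""
    if code != "constructed-auth-code":
        raise PermissionError("invalid authorization code")
    return {"sub": "provider-user-1",
            "email": "pentester@gmail.com",
            "email_verified": True}


def oauth_callback_vulnerable(form: dict) -> Account:
    """Vulnerable: the email that gets linked is read from the request body,
    so whoever edits the request chooses which account they end up in."""
    profile = fetch_provider_profile(form["code"])
    email = form["email"]  # attacker-controllable value, never cross-checked
    account = USERS.setdefault(email, Account(email=email))
    account.linked_provider_sub = profile["sub"]
    return account


def oauth_callback_fixed(form: dict) -> Account:
    """Hardened: identity comes only from the provider's verified profile.
    Any email in the request body is ignored for authorization and logged
    when it disagrees, and unverified provider emails are rejected."""
    profile = fetch_provider_profile(form["code"])
    if not profile.get("email_verified"):
        raise PermissionError("provider did not verify this email address")
    email = profile["email"]
    claimed = form.get("email")
    if claimed is not None and claimed.lower() != email.lower():
        # Useful detection signal: a legitimate client never sends a
        # different email than the one the provider asserts.
        MISMATCH_ALERTS.append(f"body email {claimed!r} != provider email {email!r}")
    account = USERS.setdefault(email, Account(email=email))
    account.linked_provider_sub = profile["sub"]
    return account


if __name__ == "__main__":
    tampered = {"code": "constructed-auth-code", "email": "support@redacted.com"}
    reset_store()
    print("vulnerable ->", oauth_callback_vulnerable(tampered).email)
    reset_store()
    print("fixed      ->", oauth_callback_fixed(tampered).email)
    print("alerts     ->", MISMATCH_ALERTS)
```

The fixed handler never needs the email field from the client at all; the only reason it is read is to raise an alert, which is a cheap way to spot request tampering in the logs. The same principle applies to every other profile field the article mentions being registered from the OAuth flow: take it from the provider's response, not from the browser.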

Maybe that’s all I can convey in this article. I hope this article is useful for all of you. Thank you.

Wassalamuallaikum Wr.Wb
