Lecture 26 - Introduction to OAUTH 2.0

OAUTH 2.0 slides.pdf

In this class and the next few classes we're going to focus on OAuth vulnerabilities.

OAuth is generally used to let users log into a website without having to sign up for that website or fill in any of its forms.

The way this usually works is as follows. Assume this is the website that the target user wants to log into.

It would have a social login button, so it could be "Log in with Facebook", Google or Twitter.

We've all seen them.

Once the user clicks on the social login button, the website displays a pop-up for the social network or website they chose to log in with; let's assume it's Google.

They'll get a pop-up window that asks them to log into Google.

This window is displayed to the user.

The user then has to log into the social website with the account that they already have there.

And if they enter the correct information, the social website returns an access token to the website that they want to log into.

Then the target website (the website that they want to log into) communicates with the social website using the access token, retrieves the user's data, and uses it to set up an account or to log the user in.

So as a result this user did not have to fill any forms.

They did not have to manually sign up to this website.

All of the data is pulled, using the access token, from the social website on which the user already has an account and has already authenticated.
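The flow just described, as an added example that is not part of the lecture: a hypothetical social provider (standing in for Google) issues an access token after the user authenticates, and the target website only trusts identity data it fetches from the provider with that token, so a forged token yields no login. All names, users and credentials are constructed for the example.

```python
import secrets

# Constructed sample account at the hypothetical social provider.
PROVIDER_USERS = {
    "alice@example.com": {"password": "correct horse", "name": "Alice", "location": "Lisbon"},
}


class SocialProvider:
    """Hypothetical identity provider (the 'Google' side of the lecture's flow)."""

    def __init__(self):
        self._tokens = {}  # access token -> email it was issued for

    def login(self, email, password):
        """The pop-up step: user enters provider credentials. Returns a token or None."""
        user = PROVIDER_USERS.get(email)
        if user is None or not secrets.compare_digest(user["password"], password):
            return None
        token = secrets.token_urlsafe(32)  # unguessable, bound to this user
        self._tokens[token] = email
        return token

    def userinfo(self, access_token):
        """Profile API: returns the user's data for a valid token, None otherwise."""
        email = self._tokens.get(access_token)
        if email is None:
            return None
        user = PROVIDER_USERS[email]
        return {"email": email, "name": user["name"], "location": user["location"]}


class TargetWebsite:
    """The website being logged into; it never sees the provider password."""

    def __init__(self, provider):
        self.provider = provider
        self.accounts = {}  # email -> profile pulled from the provider

    def social_login(self, access_token):
        """Identity comes only from the provider's answer for this token."""
        profile = self.provider.userinfo(access_token)
        if profile is None:
            return None  # unknown or forged token: no account, no session
        self.accounts.setdefault(profile["email"], profile)  # create on first login
        return profile["email"]


def run_flow(email, password):
    """End-to-end: provider login, then site login with the returned token."""
    provider, site = SocialProvider(), None
    site = TargetWebsite(provider)
    token = provider.login(email, password)
    return None if token is None else site.social_login(token)
```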

So let me show you an example of a website that implements social login just to make it clearer and then we will talk about how to exploit it.

You've probably used this many times yourself: you go to a website, click on the sign-up or sign-in button, and instead of filling in your information in the fields the website gives you, you see an option to log in with Google, Facebook, Twitter or any other account you might have on a different website.

The reason websites offer this functionality is that most people are lazy and might be put off by the sign-up process.

Therefore, by allowing them to sign in with an account they already have on a different website, they make creating an account on their website much easier.

So here, instead of having to fill in this whole form, we can just click on "Sign up with Google" and sign in with my Google account.

So as you can see, I got redirected to Google to sign into my Google account.

I'm not signing into my website yet. Once you do that, you'll see that you get redirected back to the original website you were trying to create an account with, and it will either let you create an account straight away or, in many cases, simply sign you into the website.

So as you can see, now I can go to my profile and it already has the correct information about me, like my name, my location and so on.

I didn't fill in any of this information in the sign-up fields, as you've seen.

But this website was able to get it all from my Google account, because I authenticated to Google and allowed this website to extract all of this information from the account I already have there.

Now, OAuth vulnerabilities are very, very serious.

Actually, before deploying the security we carried out a pen test, and we discovered one in a plug-in that we were using.

It was called Omni orange if I remember correctly.

And that plug in was used by more than 30,000 websites.

And as a result of this vulnerability, we were able to log in as any account registered on the web application, including the administrator account.

So once we discovered this vulnerability, we would have been able to log in as admin to over 30,000 websites, all because they were vulnerable to an OAuth vulnerability.

So this is a very serious class of vulnerability: when discovered, it could allow any user to log in as any other user, or as an administrator, which would compromise pretty much the whole website.
