Brett for i.haxx (i.haxx.cc) · Feb 20, 2023

Loose OAuth Callback URL Matching Leaks Response Codes in GitHub

This post discusses a vulnerability I found in GitHub's OAuth integration. It affects both GitHub.com and GitHub Enterprise.

TL;DR: An attacker that can control the subdomain of a domain used in the Authorization callback URL when configuring OAuth inte...

Tags: oauth