In this video, we cover Lab #1 in the OAuth Authentication Attacks module of the Web Security Academy. This lab uses an OAuth service to allow users to log in with their social media account. Flawed validation by the client application makes it possible for an attacker to log in to other users' accounts without knowing their password.

To solve the lab, log in to Carlos's account. His email address is [email protected].

You can log in with your own social media account using the following credentials: wiener:peter.

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Web Security Academy Exercise Link: https://portswigger.net/web-security/oauth/lab-oauth-authentication-bypass-via-oauth-implicit-flow

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/oauth-vulnerabilities/lab-01/notes.txt