Brett for i.haxxhaxx.hashnode.net · Feb 20, 2023

Loose OAuth Callback URL Matching Leaks Response Codes in GitHub

Below, I discuss a vulnerability I found in GitHub's OAuth Integration. This affects both GitHub.com and GitHub Enterprise.

TL;DR An attacker that can control the subdomain of a domain used in the Authorization callback URL when configuring OAuth inte...