
Lab: Forced OAuth profile linking

PRACTITIONER

This lab gives you the option to attach a social media profile to your account so that you can log in via OAuth instead of using the normal username and password. Due to the insecure implementation of the OAuth flow by the client application, an attacker can manipulate this functionality to obtain access to other users' accounts.

To solve the lab, use a CSRF attack to attach your own social media profile to the admin user's account on the blog website, then access the admin panel and delete Carlos.

The admin user will open anything you send from the exploit server and they always have an active session on the blog website.

You can access your own accounts with the following credentials:

  • Blog website account: wiener:peter
  • Social media profile: peter.wiener:hotdog
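Added example, not part of the lab or its code: the profile-linking callback written the way a client application should handle it, with an unguessable state value stored in the server-side session and verified when the OAuth provider redirects back. It assumes, as the CSRF framing above implies, that the vulnerable client links whatever profile the callback presents without binding it to the session that started the flow; the function names, in-memory stores and sample users are constructed for illustration.

```python
import hmac
import secrets
from typing import Optional

# Constructed in-memory stand-ins for the server-side session store and the
# account store; a real application would use its session backend and database.
SESSIONS = {}          # session_id -> {"user": str, "oauth_state": str}
LINKED_PROFILES = {}   # blog username -> linked social media profile


def begin_link(session_id: str) -> str:
    """Start the linking flow: mint a random state, remember it in the
    server-side session and return it for the `state` query parameter
    of the redirect to the OAuth provider."""
    state = secrets.token_urlsafe(32)
    SESSIONS[session_id]["oauth_state"] = state
    return state


def complete_link_unsafe(session_id: str, social_profile: str) -> bool:
    """The defect this lab class exhibits (assumed): the callback links the
    presented profile to whoever is logged in, so a victim lured into
    opening a crafted callback URL gets someone else's profile attached."""
    session = SESSIONS.get(session_id)
    if session is None:
        return False
    LINKED_PROFILES[session["user"]] = social_profile
    return True


def complete_link(session_id: str, state: Optional[str], social_profile: str) -> bool:
    """Hardened callback: link only if `state` matches the value minted for
    this session. A forged callback cannot know the victim's state, and the
    stored value is consumed so it cannot be replayed."""
    session = SESSIONS.get(session_id)
    if session is None:
        return False
    expected = session.pop("oauth_state", None)  # single use, even on failure
    if expected is None or state is None:
        return False
    if not hmac.compare_digest(expected, state):  # constant-time comparison
        return False
    LINKED_PROFILES[session["user"]] = social_profile
    return True
```

A request without a state, or with a state that does not match the session's, fails closed and the user simply restarts the linking flow.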