@1nsomn1a-1102.bsky.social
Here are my attempts:
1. Trying to redirect to /profile/ATTACKER-ID with my own avatar URL for leaking the code via Referer header.
2. Trying to redirect to /profile/victim with my own avatar URL, which is updated via the POST /user endpoint, and leaking the code via the Referer header.
1. Trying to redirect to /profile/ATTACKER-ID with my own avatar URL for leaking the code via Referer header.
2. Trying to redirect to /profile/victim with my own avatar URL, which is updated via the POST /user endpoint, and leaking the code via the Referer header.
July 27, 2025 at 4:25 AM
Here are my attempts:
1. Trying to redirect to /profile/ATTACKER-ID with my own avatar URL for leaking the code via Referer header.
2. Trying to redirect to /profile/victim with my own avatar URL, which is updated via the POST /user endpoint, and leaking the code via the Referer header.
1. Trying to redirect to /profile/ATTACKER-ID with my own avatar URL for leaking the code via Referer header.
2. Trying to redirect to /profile/victim with my own avatar URL, which is updated via the POST /user endpoint, and leaking the code via the Referer header.
I'm solving the OAuth Labs collection and just came up with Lab 3. However, as far as I know, there is no walkthrough for this lab, and I really want to solve it.
July 27, 2025 at 4:25 AM
I'm solving the OAuth Labs collection and just came up with Lab 3. However, as far as I know, there is no walkthrough for this lab, and I really want to solve it.