Karthikeyan Nagaraj21.5 Lab: Stealing OAuth access tokens via an open redirect | 2024This lab uses an OAuth service to allow users to log in with their social media accounts. Flawed validation by the OAuth service makes it…3 min read·21 hours ago----
Karthikeyan Nagaraj21.4 Lab: OAuth account hijacking via redirect_uri | 2024This lab uses an OAuth service to allow users to log in with their social media account. A misconfiguration by the OAuth provider makes it…3 min read·2 days ago----
Karthikeyan Nagaraj21.3 Lab: SSRF via OpenID dynamic client registration | 2024This lab allows client applications to dynamically register themselves with the OAuth service via a registration endpoint. Some…3 min read·2 days ago----
Karthikeyan Nagaraj21.2 Lab: Forced OAuth profile linking | 2024This lab gives you the option to attach a social media profile to your account so that you can log in via OAuth instead of using the normal…3 min read·3 days ago----
Karthikeyan Nagaraj24.15 Lab: HTTP request smuggling, obfuscating the TE header | 2024This lab involves a front-end and back-end server, and the two servers handle duplicate HTTP request headers in different ways. The…2 min read·4 days ago--1--1
Karthikeyan Nagaraj24.14 Lab: HTTP request smuggling, basic TE.CL vulnerability | 2024This lab involves a front-end and back-end server, and the back-end server doesn’t support chunked encoding. The front-end server rejects…2 min read·6 days ago----
Karthikeyan Nagaraj24.13 Lab: HTTP request smuggling, basic CL.TE vulnerability | 2024This lab involves a front-end and back-end server, and the front-end server doesn’t support chunked encoding. The front-end server rejects…2 min read·May 10, 2024----
Karthikeyan Nagaraj24.12 Lab: CL.0 request smuggling | 2024This lab is vulnerable to CL.0 request smuggling attacks. The back-end server ignores the Content-Length header on requests to some…3 min read·May 9, 2024----
Karthikeyan Nagaraj24.11 Lab: HTTP/2 request splitting via CRLF injection |2024This lab is vulnerable to request smuggling because the front-end server downgrades HTTP/2 requests and fails to adequately sanitize…3 min read·May 8, 2024----
Karthikeyan Nagaraj24.10 Lab: HTTP/2 request smuggling via CRLF injection | 2024This lab is vulnerable to request smuggling because the front-end server downgrades HTTP/2 requests and fails to adequately sanitize…3 min read·May 7, 2024----