Lazy Hacker

I was also confused while understanding both concepts, I thought that the Gmail/Facebook credentials that I used to login into abc.com is an OAuth concept but I was wrong. It is the OpenID concept that is working on the OAuth protocol.  So What is OAuth? OAuth = Open Authorization As the name suggests it is “Authorization” which means it’s related to some authorization concept. As the internet grows, the developer needs some concept so that “abc.com” can read the data from “anything.com” without giving the password of anything .com to the abc.com server. It helps in improving the user experience and also increases the business. Let’s explain an OAuth by a simple example: I am sure, we all have seen this type of concept, where we logged into an application (abc.com) by using abc.com credentials and after that, we get the option like import contacts from Gmail. When we click on that hyperlink, it redirects us to Gmail, where it asks for Gmail credentials, and after entering the ...

  I found one logical issue when I was testing. I am directly coming to the test case because there is nothing much here to explain. About the application working: An application had OpenID connect by Gmail and also had a normal registration page (username and password). An application had an email change functionality, where the user could change the email ID to any email ID. One condition was that the email should not be registered previously by a normal registration form. The application was not verifying the user's new email id. Attacker Scenario: Attacker email ID:  attacker@gmail.com Victim email ID:  victim@gmail.com (He has not registered an account in the application till step 2) The attacker created his account by using attacker@gmail.com and logged into the application. The attacker clicked on the change email functionality and mentioned the victim email ID victim@gmail.com. Now, Victim thought to create an account by using OpenID Connect (Gmail SSO). The victi...