Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

SSRF due to misconfiguration in OAuth

By kannthu

Vidoc logoVidoc Module

What is "SSRF due to misconfiguration in OAuth?"

The "SSRF due to misconfiguration in OAuth" module is designed to detect the presence of Server-Side Request Forgery (SSRF) vulnerabilities caused by misconfigurations in OAuth implementations. This module targets software that utilizes OAuth for authentication and authorization. The severity of this vulnerability is classified as medium.

Author: KabirSuda


An SSRF vulnerability in OAuth can allow an attacker to make unauthorized requests to internal resources, potentially leading to information disclosure, remote code execution, or further attacks on the system.

How the module works?

The "SSRF due to misconfiguration in OAuth" module sends a POST request to the endpoint "/connect/register" to check for external interaction. The request includes multiple POST parameters, such as "application_type", "redirect_uris", "client_name", "logo_uri", "subject_type", "token_endpoint_auth_method", and "request_uris".

Example request:

POST /connect/register HTTP/1.1
Host: <Hostname>
Content-Type: application/json
Accept-Language: en-US,en;q=0.9

  "application_type": "web",
  "redirect_uris": ["https://<InteractionURL>/callback"],
  "client_name": "<Hostname>",
  "logo_uri": "https://<InteractionURL>/favicon.ico",
  "subject_type": "pairwise",
  "token_endpoint_auth_method": "client_secret_basic",
  "request_uris": ["https://<InteractionURL>"]

The module includes a matching condition that checks if the "interactsh_protocol" part of the response contains the word "dns". If this condition is met, it indicates the presence of an SSRF vulnerability due to misconfiguration in OAuth.


Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: dns
Passive global matcher
No matching conditions.
On match action
Report vulnerability