Bug Bounty: OAuth2 vulnerability on Coinbase.com from csrf token Watch Video
Preview(s):
Gallery
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)
Description: This is a demo of a PoC I wrote exploiting a bug in Coinbase.com's OAuth implementation. It was possible to retrieve the OAuth app authorization form as one user and forward it (along with the CSRF token's etc) to the victim, with Javascript to autosubmit the form. Coinbase was not confirming the form was generated by the victim and so it was possible for an attacker to authorize their malicious app on the users account without their confirmation. All the victim was required to do was view a web
Play Video: (Note: The default playback of the video is HD VERSION. If your browser is buffering the video slowly, please play the REGULAR MP4 VERSION or Open The Video below for better experience. Thank you!)