Turn $500 into $10k by focusing on more impact. #bugbounty #github #oauth #owasptop10 #techtok #info

Turn $ 500 into $ 10k by Focusing on More Impact

GitHub recently shared a fascinating example that illustrates the difference between a $500 security vulnerability and a $10,000 one.

Understanding Open Redirect

An open redirect is a type of bug that allows attackers to redirect the target to any website of their choosing. However, it's rare to see an open redirect cause significant impact.

The GitHub Scenario

In GitHub's OAuth flow, the domains allowed for redirection are restricted to an allowlist to avoid security risks. Typically, an open redirect in this setting would be classified as a lower-impact vulnerability, worth only about $500 in bug bounty rewards.

The Researcher's Smart Move

A bug bounty researcher realised that, because his own domain was already trusted, he could combine this open redirect with GitHub's OAuth flow. By doing a double redirect, he successfully landed the OAuth token on an attacker-controlled domain. This dramatically increased the impact of the bug.
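The chain above, as an added Python model that is not code from the video, from the researcher's write-up, or from GitHub's own implementation: a constructed trusted site exposes an open redirect at /go?to=, an authorization server that validates redirect_uri by host only lets the token follow that redirect, and exact-match validation (the OAuth 2.0 Security BCP recommendation) refuses the request. All domains, paths and the token value are constructed.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed example values: a single registered OAuth client whose
# exact redirect URI lives on trusted.example (a hypothetical domain).
REGISTERED_REDIRECT = "https://trusted.example/oauth/callback"


def host_only_match(redirect_uri: str) -> bool:
    """Weak validation: accepts any HTTPS URL on the registered host."""
    supplied, registered = urlsplit(redirect_uri), urlsplit(REGISTERED_REDIRECT)
    return supplied.scheme == "https" and supplied.hostname == registered.hostname


def exact_match(redirect_uri: str) -> bool:
    """Strict validation: byte-for-byte comparison against the registered value."""
    return redirect_uri == REGISTERED_REDIRECT


def trusted_site(url: str) -> str:
    """Model of the trusted site: /go?to=<url> is an open redirect, every
    other path is served in place. Browsers carry the fragment of the
    original URL across a 3xx redirect when the Location header has none,
    so a token sitting in the fragment follows the redirect."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    if parts.path == "/go" and "to" in params:
        return params["to"] + ("#" + parts.fragment if parts.fragment else "")
    return url


def authorize(redirect_uri: str, validate, token: str = "tok_constructed"):
    """Model of an implicit-style authorization endpoint: validates the
    redirect_uri, then sends the browser there with the token in the
    fragment. Returns the URL where the token finally lands, or None."""
    if not validate(redirect_uri):
        return None
    return trusted_site(f"{redirect_uri}#access_token={token}")


def token_landing_host(redirect_uri: str, validate):
    """Host that ends up holding the token, or None if the request was refused."""
    final_url = authorize(redirect_uri, validate)
    return None if final_url is None else urlsplit(final_url).hostname


if __name__ == "__main__":
    chained = "https://trusted.example/go?to=https://external.example/"
    for name, check in (("host-only", host_only_match), ("exact", exact_match)):
        print(f"{name} validation -> token lands on {token_landing_host(chained, check)}")
```

The same comparison is a useful regression test for any authorization server: a redirect_uri that differs from the registered value by path or query must be refused outright.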

The Reward

For increasing the impact of the vulnerability, the researcher was awarded $10,000 instead of just $500.

Further Reading

The researcher did an impressive write-up about this discovery on his blog, which is well worth the read.

Keywords

  • Security vulnerability
  • Open redirect
  • OAuth
  • GitHub
  • Bug bounty
  • Double redirect
  • High-impact vulnerability

FAQ

Q: What is an open redirect? A: An open redirect is a bug that allows for redirection to any website of the attacker's choosing.

Q: How was the vulnerability in GitHub’s OAuth flow exploited? A: The researcher used a trusted domain to manipulate the OAuth flow, creating a double redirect that ultimately landed an OAuth token on an attacker-controlled domain.

Q: Why did the researcher receive a $10,000 payout? A: By increasing the impact of a typically low-impact vulnerability, the researcher demonstrated a significant security risk, thus earning a higher reward.

Q: Where can I read more about this case study? A: The researcher has a detailed write-up on his blog, where the case is explained thoroughly.