← All Labs
OAuth — Open Redirect on redirect_uri
AuthHub validates the OAuth redirect_uri with a substring match — 'must contain trustedclient.com'. The check is naive. Find a redirect_uri that passes the check but ships the OAuth code to your attacker domain.