|
|
|
|
|
|
by maxboone
57 days ago
|
|
|
How does that work, when you add an OAuth app, the resulting tokens are specific to that app having a certain set of permissions? It's not a new attack vector as in giving too many scopes (beyond the usual "get personal details"). I am curious how this external OAuth app managed to move through the systems laterally. |
|
|