skills.homes logoskills.homescapability registry
home/categories/security/wgpsec-aboutsecurity-skills-exploit-oauth-sso-attack-skill-md
cd ..
securitytesting-security

oauth-sso-attack

OAuth 2.0 / SSO / OpenID Connect 认证流程攻击。当目标有「使用 Google/GitHub/微信 登录」按钮、redirect_uri 参数、authorization_code 流程、或 /.well-known/openid-configuration 端点时使用。覆盖 redirect_uri 劫持、state 缺失 CSRF、token 泄露、scope 提升

소스 보기security
wgpsec
maintainer
wgpsec
업데이트됨 4/6/2026
스타
1109
포크
193
quick start

Installation and usage

OAuth 2.0 / SSO / OpenID Connect 认证流程攻击。当目标有「使用 Google/GitHub/微信 登录」按钮、redirect_uri 参数、authorization_code 流程、或 /.well-known/openid-configuration 端点时使用。覆盖 redirect_uri 劫持、state 缺失 CSRF、token 泄露、scope 提升

설치
$ install --globalskills.sh
사용법

설치 후 터미널에서 다음 명령을 실행하여 이 스킬을 사용할 수 있습니다:

skills use oauth-sso-attack