[StreamLabs] Steal access_token via open redirect ($200 USD)
Original Post:
We discussed this vulnerability during Episode 97 on 08 November 2021
StreamLabs would normally only redirect to a set of whitelisted domains approved to receive the access_token. The author here put some effort into discovering which domains were approved, and found that http://dragynslair.live was whitelisted but no longer registered. Any attacker could have registered this domain and received access tokens.
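To make the defensive side concrete, here is an added example (not StreamLabs code and not from the original post): exact-match redirect_uri validation plus an allowlist audit that flags entries whose host no longer resolves, which is the check that would have caught a whitelisted but expired domain. The allowlist entries are constructed placeholders apart from the domain named above, and the resolver is pluggable so the audit can run offline.

```python
"""Validate OAuth redirect_uri values and audit the allowlist for dangling hosts."""
import socket
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Constructed allowlist for illustration. The .live entry is the domain named in
# the post; the .test entries are placeholders (RFC 2606 reserved TLD).
ALLOWED_REDIRECTS = [
    "https://app.example-partner.test/oauth/callback",
    "https://dashboard.example-widget.test/callback",
    "http://dragynslair.live/auth",
]


def is_allowed_redirect(redirect_uri: str, allowlist: Iterable[str]) -> bool:
    """Exact-match check: scheme, host:port, path and query must all equal an entry.

    Prefix or substring matching is what lets lookalike hosts and path tricks
    slip through, so every component is compared verbatim (host case-folded).
    """
    t = urlsplit(redirect_uri)
    if t.fragment:
        return False  # fragments are never part of a registered redirect_uri
    for entry in allowlist:
        e = urlsplit(entry)
        if (t.scheme, t.netloc.lower(), t.path, t.query) == (
            e.scheme, e.netloc.lower(), e.path, e.query,
        ):
            return True
    return False


def default_resolver(host: str) -> bool:
    """Live DNS lookup; swapped out for a fake in offline runs and tests."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def find_dangling_entries(
    allowlist: Iterable[str], resolves: Callable[[str], bool] = default_resolver
) -> List[str]:
    """Return allowlist entries whose host does not resolve.

    A non-resolving host is not proof that the domain has expired, but it is the
    signal to check the registration before the entry stays in the allowlist.
    """
    return [u for u in allowlist if urlsplit(u).hostname is None
            or not resolves(urlsplit(u).hostname)]
```

Running the audit on a schedule (or in CI against the production allowlist) turns an expired partner domain into an alert instead of a token-theft path.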