web | Pro | medium
Lab 69 — TeamPulse — Reflected XSS in OAuth2 Error Callback
hackadvisor
Task: TeamPulse collaboration dashboard with OAuth2 CloudID integration and a bug bounty program. Reflected XSS in the OAuth callback error_description parameter.
Solution: Crafted an XSS payload to steal admin cookies via in-band exfiltration using the application's own notes API, bypassing external webhook restrictions.
$ ls tags/ techniques/
cookie_exfiltration  reflected_xss_exploitation  oauth_callback_injection  in_band_exfiltration