OAuth Login — Google

Simulating connection to Google secure authorization server...

Lab Hint — OAuth Scope Escalation
  • Intercept OAuth request in Burp Suite
  • Change scope=read to scope=admin
  • Server grants admin scope without validation
  • Also: no state parameter, so a CSRF attack on the callback is possible
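As an added, defender-side example (not part of the lab page), the following Python shows the pattern the hint describes next to the checks that close both holes: the authorization server grants only scopes registered for the requesting client, and the client binds an unguessable state value to the session and verifies it on the callback. The client registry, client_id and scope names are constructed for the example.

```python
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed client registry for this example (hypothetical, not the lab's data):
# each client_id maps to the scopes it is allowed to request.
REGISTERED_CLIENTS = {
    "lab-client": {"allowed_scopes": {"read", "profile"}},
}


def vulnerable_grant(client_id, requested_scope):
    """The lab's flaw: the server grants whatever scope string the client sent."""
    return set(requested_scope.split())


def validate_scope(client_id, requested_scope):
    """Hardened: every requested scope must be registered for this client."""
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        raise ValueError("unknown client_id")
    requested = set(requested_scope.split())
    disallowed = requested - client["allowed_scopes"]
    if disallowed:
        # Reject the whole request rather than silently narrowing it,
        # so the caller learns that the scope was tampered with.
        raise ValueError(f"invalid_scope: {sorted(disallowed)}")
    return requested


def issue_state(session):
    """Client side: mint an unguessable state value and bind it to the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    return session["oauth_state"]


def check_callback(session, callback_url):
    """Client side: accept the authorization code only if state matches the session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use
    received = params.get("state", [None])[0]
    if expected is None or received is None:
        raise ValueError("state missing: possible CSRF")
    if not secrets.compare_digest(expected, received):
        raise ValueError("state mismatch: possible CSRF")
    return params["code"][0]
```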