ENXF NET
For any valid OAuth client applications in XenForo, when requesting the authorization endpoint /oauth2/authorize, an attacker can submit any scope parameter. XenForo does not check whether the scope is allowed for access by this OAuth client. After authorization, the obtained access token has the corresponding API permissions. "Allowed scopes" in the OAuth2 client options do not restrict the client's permissions.

Here are my current solutions:
extend the XFCP_OAuth2 with code
PHP:
$clientId...
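
The check the post describes as missing, shown as an added example that is not part of the original post and is not XenForo's code: the requested scope is compared against the client's allowed scopes before any token is issued. The function name and the sample scope names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration: resolve_granted_scopes() is a hypothetical helper,
 * not a XenForo API. It returns the scopes that may be granted, or throws
 * so the authorization endpoint can answer with error=invalid_scope.
 */
function resolve_granted_scopes(string $requestedScope, array $clientAllowedScopes): array
{
    // RFC 6749 section 3.3: scope is a space-delimited list of tokens.
    $requested = preg_split('/ +/', trim($requestedScope), -1, PREG_SPLIT_NO_EMPTY);
    $requested = array_values(array_unique($requested));

    if ($requested === []) {
        // Fail closed: never fall back to "everything" when no scope is named.
        throw new InvalidArgumentException('invalid_scope: no scope requested');
    }

    // Anything the client was not configured for is rejected, not silently granted.
    $notAllowed = array_diff($requested, $clientAllowedScopes);
    if ($notAllowed !== []) {
        throw new InvalidArgumentException(
            'invalid_scope: not allowed for this client: ' . implode(' ', $notAllowed)
        );
    }

    return $requested;
}

// Constructed sample data: a client limited to two read-only scopes.
$allowed = ['thread:read', 'user:read'];

foreach (['thread:read', 'thread:read user:read', 'thread:read user:delete', ''] as $scope) {
    try {
        $granted = resolve_granted_scopes($scope, $allowed);
        printf("%-28s => grant [%s]\n", "'$scope'", implode(' ', $granted));
    } catch (InvalidArgumentException $e) {
        printf("%-28s => reject (%s)\n", "'$scope'", $e->getMessage());
    }
}
```

The access token should then be issued with exactly the returned list, so the client's configured scopes bound what the token can do regardless of what the request asked for.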