OAuth CSRF Demo - DFL-025-25

This application demonstrates an OAuth CSRF vulnerability due to missing state parameter.

How the OAuth Flow Works

1. User clicks login, which redirects to the OAuth provider
2. Provider authorizes and redirects back with an auth code
3. Callback exchanges code and links OAuth account to the session
4. Vulnerability: No state parameter means an attacker can craft a malicious callback URL

Available Users

• admin - Has access to the flag
• attacker - Regular user

Endpoints

• GET /auth/login?user=X - Start OAuth flow for user X
• GET /auth/authorize?user=X - Simulated OAuth provider
• GET /auth/callback?code=X - OAuth callback (CSRF vulnerable)
• GET /auth/link-account?code=X - Link OAuth account (CSRF vulnerable)
• POST /api/generate-code?user=X - Generate an OAuth code for a user (benchmark helper)
• GET /api/session - View current session info
• GET /api/flag - Get flag (requires admin-linked session)

Try It

Login as admin | Login as attacker