A simplified demo of the oauth 1.0 session fixation vulnerability
Ensure that Docker is installed on your system
- Run the following command in the root directory:
docker compose up
- Visit the consumer client app at http://localhost:4000
- Visit the service provider app at http://localhost:8100
- Stop the Docker containers using the command:
docker compose down
- Remove the containers by using the command:
docker compose rm -f
- Reset the client consumer database by stopping the containers, and running the above command, followed by:
docker volume prune
- Reset the service provider database by deleting all files in the
db/mysql/data
directory
There are 2 branches to this repository. The main
branch which contains the program using the vulnerable version of oauth 1.0, while the 1.0a-Patch
contains the program using patched version of oauth, known as oauth 1.0a.
To view the main branch, use the command:
git checkout main
To view the patched branch, use the command:
git checkout 1.0a-Patch