Stealing OAuth access tokens via a proxy page - Lab#06

Описание: Identifying flawed validation by the OAuth service that makes it possible for an attacker to leak access tokens to arbitrary pages on the client application.
Identifying secondary vulnerability in the client application and use this as a proxy to steal an access token for the admin user's account.
Chaining and exploiting both vulnerabilities and use the access token to obtain the admin's API key and submit the solution using the button provided in the lab banner.