Bug Bounty Hunting things #48

Rootharsh · 2023-03-15T11:37:09Z

No description provided.

ThreatLEVELred · 2024-04-05T13:16:03Z

require "sinatra"
require "dotenv/load"
require "net/http"
require "json"

CLIENT_ID = ENV.fetch("CLIENT_ID")
CLIENT_SECRET = ENV.fetch("CLIENT_SECRET")

def parse_response(response)
case response
when Net::HTTPOK
JSON.parse(response.body)
else
puts response
puts response.body
{}
end
end

def exchange_code(code)
params = {
"client_id" => CLIENT_ID,
"client_secret" => CLIENT_SECRET,
"code" => code
}
result = Net::HTTP.post(
URI("https://github.com/login/oauth/access_token"),
URI.encode_www_form(params),
{"Accept" => "application/json"}
)

parse_response(result)
end

def user_info(token)
uri = URI("https://api.github.com/user")

result = Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
body = {"access_token" => token}.to_json

auth = "Bearer #{token}"
headers = {"Accept" => "application/json", "Content-Type" => "application/json", "Authorization" => auth}

http.send_request("GET", uri.path, body, headers)

end

parse_response(result)
end

get "/" do
link = 'Login with GitHub'
erb link
end

get "CALLBACK_URL" do
code = params["code"]

token_data = exchange_code(code)

if token_data.key?("access_token")
token = token_data["access_token"]

user_info = user_info(token)
handle = user_info["login"]
name = user_info["name"]

render = "Successfully authorized! Welcome, #{name} (#{handle})."
erb render

else
render = "Authorized, but unable to exchange code #{code} for token."
erb render
end
end

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bug Bounty Hunting things #48

Bug Bounty Hunting things #48

Rootharsh commented Mar 15, 2023

ThreatLEVELred commented Apr 5, 2024

Bug Bounty Hunting things #48

Bug Bounty Hunting things #48

Comments

Rootharsh commented Mar 15, 2023

ThreatLEVELred commented Apr 5, 2024