
Open Redirect Vulnerability in OAuth Flow Leading to Potential Phishing Attack

Low
Lichess
Reported by delsec_

Vulnerability Details

Technical details and impact analysis

Open Redirect
## Summary

An open redirect vulnerability exists in the OAuth flow on lichess4545.com. By manipulating the `redirect_uri` parameter during the OAuth authorization process with Lichess, an attacker can redirect users to an arbitrary external domain (e.g., example.com) after login. This could be exploited for phishing or other malicious purposes.

## Steps To Reproduce

1. Navigate to `https://www.lichess4545.com/blitzbattle/` and log into your test account.
2. Notice that you are redirected to `https://lichess.com`, and you're requested to complete OAuth after logging in.
3. In the OAuth URL, there is a `redirect_uri` parameter. Change this from `redirect_uri=https://www.lichess4545.com/auth/lichess/` to `redirect_uri=https://example.com/auth/lichess/`.
4. Now click "Authorize". This will redirect you to `https://example.com/`.

## Supporting Material/References

The steps with pictures are provided below.

1. Navigate to `https://www.lichess4545.com/blitzbattle/` and log into your test account. {F4264346}
2. Notice that you are redirected to `https://lichess.com`, and you're requested to complete OAuth after logging in. {F4264361}
3. In the OAuth URL, there is a `redirect_uri` parameter. Change this from `redirect_uri=https://www.lichess4545.com/auth/lichess/` to `redirect_uri=https://example.com/auth/lichess/`. {F4264353} Changed to the redirect below: {F4264355}
4. Now click "Authorize". This will redirect you to `https://example.com/`. {F4264362}

* Attachments / references:
  * Open Redirect reference from OWASP Top 10: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
  * CWE-MITRE: https://cwe.mitre.org/data/definitions/601.html

We understand that this program does not offer monetary rewards for vulnerability submissions. However, we would greatly appreciate it if a Letter of Recommendation or a brief confirmation of responsible disclosure could be provided, if possible. This would be incredibly helpful as I continue to build experience in security research.

Thank you for your time and consideration. I have also seen that this program does not have an option to involve a collaborator. Can you please add https://hackerone.com/lict101 to this report as a collaborator? Thank you.

## Impact

An attacker can exploit the open redirect in the OAuth `redirect_uri` parameter to redirect users to a malicious domain after authentication. This can be used for phishing, stealing OAuth tokens (if combined with other attacks), or tricking users into thinking they're interacting with a trusted site. Since the redirect occurs after a legitimate login process, it significantly increases the credibility of the phishing attempt.
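The standard mitigation for this class of bug, shown here as an added example that is not Lichess's or lichess4545's code: the authorization server compares the submitted `redirect_uri` against the URIs registered for the client by exact string match and refuses to redirect at all on a mismatch. The client id, the registry and the authorization code are constructed for the example; only the registered URI comes from the report.

```python
"""Exact-match validation of an OAuth 2.0 redirect_uri against a client's
registered URIs. Illustrative code, not the Lichess or lichess4545 implementation."""
from urllib.parse import parse_qs, urlsplit

# Constructed registry: a hypothetical client id mapped to the redirect URI(s)
# registered for it. The URI listed is the legitimate one from the report.
REGISTERED_REDIRECT_URIS = {
    "lichess4545-client": {"https://www.lichess4545.com/auth/lichess/"},
}


def is_allowed_redirect_uri(client_id: str, redirect_uri: str) -> bool:
    """Return True only if redirect_uri exactly equals a registered URI.

    Exact string comparison (not prefix or host-suffix matching) is the safe
    rule: a foreign host such as example.com, a look-alike subdomain, or a
    scheme downgrade to http all fail without needing a list of bad patterns.
    """
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    if redirect_uri not in registered:
        return False
    # Defence in depth: a registered URI must itself be absolute https with no fragment.
    parts = urlsplit(redirect_uri)
    return parts.scheme == "https" and bool(parts.netloc) and parts.fragment == ""


def authorize(client_id: str, query: str) -> dict:
    """Simulate the authorization endpoint handling one request query string.

    On a bad redirect_uri the server must NOT redirect to the supplied value
    (that is exactly the open redirect); it returns an error page instead.
    """
    params = {k: v[0] for k, v in parse_qs(query).items()}
    redirect_uri = params.get("redirect_uri", "")
    if not is_allowed_redirect_uri(client_id, redirect_uri):
        return {"status": 400, "error": "invalid_request",
                "detail": "redirect_uri does not match a registered URI"}
    # A real server would mint an authorization code here; a constructed one is used.
    return {"status": 302, "location": f"{redirect_uri}?code=CONSTRUCTED_CODE"}
```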

Report Details

Additional information and metadata

State

Closed

Substate

Duplicate

Submitted

Weakness

Open Redirect