New attacks on OAuth: SSRF by design and Session Poisoning by https://twitter.com/artsploit: https://t.co/MCjIDMQg3q?amp=1
