Tags: oauth web
## Writeup in 30 seconds
1. Go to `/profile/1` to learn that the target is logged in as `[email protected]`.
2. By analyzing the app you can find a feature that strips `+` from the local part of an email address when sending messages:
* sending to `tes[email protected]` actually delivers to `[email protected]`
* does this same normalization also apply at login?
3. Set up port forwarding and use http://127.0.0.1:3000 for the connection.
4. Register an account on dropbox.com with the email `[email protected]`.
5. Log in to Footbook with Dropbox OAuth.
6. You can see the flaaaaaag.
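The root cause, modelled as an added example (this is not the writeup's or Footbook's own code): the account lookup during OAuth login reuses the `+`-stripping normalization from the messaging feature and never checks whether the provider verified the address. The user table, the profile dicts and the `email_verified` field name are constructed assumptions; the real provider field the writeup mentions lives in `extra_info`. The hardened version refuses unverified emails and matches the address exactly, only case-folded.

```python
# Added example, not code from the writeup or the Footbook app.
# Models the bug: OAuth login normalizes "+tag" away from the provider-supplied
# email, so an attacker-controlled "victim+x@example.com" at a provider that
# returns unverified emails collapses onto the victim's account.
from typing import Optional

# Constructed sample user table: email -> user id
USERS = {"alice@example.com": 1, "bob@example.com": 2}


def strip_plus_tag(email: str) -> str:
    """Mimics the messaging feature: drop "+anything" from the local part."""
    local, _, domain = email.partition("@")
    local = local.split("+", 1)[0]
    return f"{local}@{domain}".lower()


def vulnerable_oauth_login(profile: dict) -> Optional[int]:
    """Vulnerable: reuses the "+"-stripping normalization for account lookup
    and ignores whether the provider verified the address."""
    return USERS.get(strip_plus_tag(profile["email"]))


def hardened_oauth_login(profile: dict) -> Optional[int]:
    """Hardened: require a provider-verified email (field name assumed) and
    match it exactly after case-folding, never after rewriting the local part."""
    if not profile.get("email_verified", False):
        return None  # an unverified email is not an identity claim at all
    email = profile["email"].strip().lower()
    return USERS.get(email)


# Constructed profiles: one with a "+tag" that the provider reports as
# unverified, one legitimate verified login.
SPOOFED = {"email": "alice+x@example.com", "email_verified": False}
LEGIT = {"email": "alice@example.com", "email_verified": True}

if __name__ == "__main__":
    print(vulnerable_oauth_login(SPOOFED))  # 1: resolves to alice's account
    print(hardened_oauth_login(SPOOFED))    # None
    print(hardened_oauth_login(LEGIT))      # 1
```

The two checks in `hardened_oauth_login` are independent: dropping the normalization alone still lets an unverified `alice@example.com` claim the account at a provider that does not verify addresses, and checking `email_verified` alone still lets a verified `alice+x@example.com` match if the lookup rewrites it first.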
## Some interesting things
1. I've tested some OAuth providers; only `dropbox.com` gives an unauthorized email.
* But Dropbox will say the email is not verified in `extra_info`; don't ignore it!
2. You guys are really creative :p, some interesting fake flags posted on Footbook: