High-level logic vulnerability
Laboratorio de Portswigger sobre Business Logic Vulnerabilities
Justice-Reaper
Excessive trust in client-side controls
Laboratorio de Portswigger sobre Business Logic Vulnerabilities
JWT authentication bypass via jwk header injection
Laboratorio de Portswigger sobre JWT
JWT authentication bypass via weak signing key
Laboratorio de Portswigger sobre JWT
JWT authentication bypass via flawed signature verification
Laboratorio de Portswigger sobre JWT
JWT authentication bypass via unverified signature
Laboratorio de Portswigger sobre JWT
Referer-based access control
Laboratorio de Portswigger sobre Broken Access Control
Multi-step process with no access control on one step
Laboratorio de Portswigger sobre Broken Access Control
Method-based access control can be circumvented
Laboratorio de Portswigger sobre Broken Access Control
URL-based access control can be circumvented
Laboratorio de Portswigger sobre Broken Access Control