Karthikeyan Nagaraj25.1 Lab: Web cache poisoning with an unkeyed headerThis lab is vulnerable to web cache poisoning because it handles input from an unkeyed header in an unsafe way. An unsuspecting user…3 min read·12 hours ago----
Karthikeyan Nagaraj22.6 Lab: JWT authentication bypass via kid header path traversalThis lab uses a JWT-based mechanism for handling sessions. In order to verify the signature, the server uses the kid parameter in JWT…2 min read·1 day ago----
Karthikeyan Nagaraj22.5 Lab: JWT authentication bypass via jku header injectionThis lab uses a JWT-based mechanism for handling sessions. The server supports the jku parameter in the JWT header. However, it fails to…3 min read·1 day ago----
Karthikeyan Nagaraj22.4 Lab: JWT authentication bypass via jwk header injectionThis lab uses a JWT-based mechanism for handling sessions. The server supports the jwk parameter in the JWT header. This is sometimes use d…3 min read·3 days ago----
Karthikeyan Nagaraj22.3 Lab: JWT authentication bypass via weak signing keyThis lab uses a JWT-based mechanism for handling sessions. It uses an extremely weak secret key to both sign and verify tokens. This can be…2 min read·4 days ago----
Karthikeyan Nagaraj21.5 Lab: Stealing OAuth access tokens via an open redirect | 2024This lab uses an OAuth service to allow users to log in with their social media accounts. Flawed validation by the OAuth service makes it…3 min read·5 days ago----
Karthikeyan Nagaraj21.4 Lab: OAuth account hijacking via redirect_uri | 2024This lab uses an OAuth service to allow users to log in with their social media account. A misconfiguration by the OAuth provider makes it…3 min read·6 days ago----
Karthikeyan Nagaraj21.3 Lab: SSRF via OpenID dynamic client registration | 2024This lab allows client applications to dynamically register themselves with the OAuth service via a registration endpoint. Some…3 min read·May 14, 2024----
Karthikeyan Nagaraj21.2 Lab: Forced OAuth profile linking | 2024This lab gives you the option to attach a social media profile to your account so that you can log in via OAuth instead of using the normal…3 min read·May 13, 2024----
Karthikeyan Nagaraj24.15 Lab: HTTP request smuggling, obfuscating the TE header | 2024This lab involves a front-end and back-end server, and the two servers handle duplicate HTTP request headers in different ways. The…2 min read·May 12, 2024--1--1