Karthikeyan Nagaraj: 22.6 Lab: JWT authentication bypass via kid header path traversal. This lab uses a JWT-based mechanism for handling sessions. In order to verify the signature, the server uses the kid parameter in JWT… (2 min read · 16 hours ago)
Karthikeyan Nagaraj: 22.5 Lab: JWT authentication bypass via jku header injection. This lab uses a JWT-based mechanism for handling sessions. The server supports the jku parameter in the JWT header. However, it fails to… (3 min read · 17 hours ago)
Karthikeyan Nagaraj: 22.4 Lab: JWT authentication bypass via jwk header injection. This lab uses a JWT-based mechanism for handling sessions. The server supports the jwk parameter in the JWT header. This is sometimes used… (3 min read · 2 days ago)
Karthikeyan Nagaraj: 22.3 Lab: JWT authentication bypass via weak signing key. This lab uses a JWT-based mechanism for handling sessions. It uses an extremely weak secret key to both sign and verify tokens. This can be… (2 min read · 3 days ago)
Karthikeyan Nagaraj: 21.5 Lab: Stealing OAuth access tokens via an open redirect | 2024. This lab uses an OAuth service to allow users to log in with their social media accounts. Flawed validation by the OAuth service makes it… (3 min read · 4 days ago)
Karthikeyan Nagaraj: 21.4 Lab: OAuth account hijacking via redirect_uri | 2024. This lab uses an OAuth service to allow users to log in with their social media account. A misconfiguration by the OAuth provider makes it… (3 min read · 5 days ago)
Karthikeyan Nagaraj: 21.3 Lab: SSRF via OpenID dynamic client registration | 2024. This lab allows client applications to dynamically register themselves with the OAuth service via a registration endpoint. Some… (3 min read · 6 days ago)
Karthikeyan Nagaraj: 21.2 Lab: Forced OAuth profile linking | 2024. This lab gives you the option to attach a social media profile to your account so that you can log in via OAuth instead of using the normal… (3 min read · 6 days ago)
Karthikeyan Nagaraj: 24.15 Lab: HTTP request smuggling, obfuscating the TE header | 2024. This lab involves a front-end and back-end server, and the two servers handle duplicate HTTP request headers in different ways. The… (2 min read · May 12, 2024)
Karthikeyan Nagaraj: 24.14 Lab: HTTP request smuggling, basic TE.CL vulnerability | 2024. This lab involves a front-end and back-end server, and the back-end server doesn’t support chunked encoding. The front-end server rejects… (2 min read · May 11, 2024)