tl;dr
- Misconfiguration in JWT token validation
- SQL Injection through JWT token
- Insecure Deserialization in .NET leading to RCE using custom class StatusCheckHelper
tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
headers.set
/?user=
to Get XSS at /helloworld
/?user=<PAYLOAD>
and /helloworld
using cache poison or bug in regex(uninteded)tl;dr
/profile/
will not change the nonce tl;dr
tl;dr