The Fragile Lock: Novel Bypasses For SAML Authentication

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

<hr>
<p><small>文章来源: <a href="https://portswigger.net/research/the-fragile-lock" target="_blank">https://portswigger.net/research/the-fragile-lock</a></small></p>