1. Executive Summary Vulnerability: Clickjacking (UI Redressing) combined with Parameter Injection. Description: The application relies on CSRF tokens to protect the “Update email” functionality,...
1. Executive Summary Vulnerability: Clickjacking (UI Redressing). Description: The application relies entirely on CSRF (Cross-Site Request Forgery) tokens to protect state-changing actions like “...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) chained with Open Redirection. Description: The application features a stock checker that is strictly protected by a whiteli...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) via URL Parsing Inconsistencies. Description: The application attempts to secure its stock check feature by validating the u...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) with Weak Blacklist Defenses. Description: The application’s stock check feature accepts a user-controlled URL. The develope...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) targeting internal networks. Description: The application’s stock check feature accepts a user-controlled URL and fetches it...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF). Description: The application features a “stock check” function that fetches data from an internal system. The endpoint rece...
1. Executive Summary Vulnerability: JWT Signature Bypass (Insecure jwk Header Processing). Description: The JSON Web Token (JWT) specification allows for a jwk (JSON Web Key) parameter in the tok...
1. Executive Summary Vulnerability: Weak Cryptographic Key (Brute-Forceable HMAC). Description: The application signs JSON Web Tokens (JWT) using the HS256 algorithm (HMAC + SHA-256). This algori...
1. Executive Summary Vulnerability: JWT Signature Bypass (Algorithm Confusion) & Public Key Derivation. Description: The application expects an asymmetric RS256 signature but fails to enforce...