1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) chained with Open Redirection. Description: The application features a stock checker that is strictly protected by a whiteli...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) via URL Parsing Inconsistencies. Description: The application attempts to secure its stock check feature by validating the u...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) with Weak Blacklist Defenses. Description: The application’s stock check feature accepts a user-controlled URL. The develope...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF) targeting internal networks. Description: The application’s stock check feature accepts a user-controlled URL and fetches it...
1. Executive Summary Vulnerability: Server-Side Request Forgery (SSRF). Description: The application features a “stock check” function that fetches data from an internal system. The endpoint rece...
1. Executive Summary Vulnerability: JWT Signature Bypass (Insecure jwk Header Processing). Description: The JSON Web Token (JWT) specification allows for a jwk (JSON Web Key) parameter in the tok...
1. Executive Summary Vulnerability: Weak Cryptographic Key (Brute-Forceable HMAC). Description: The application signs JSON Web Tokens (JWT) using the HS256 algorithm (HMAC + SHA-256). This algori...
1. Executive Summary Vulnerability: JWT Signature Bypass (Algorithm Confusion) & Public Key Derivation. Description: The application expects an asymmetric RS256 signature but fails to enforce...
1. Executive Summary Vulnerability: JWT Signature Bypass (Algorithm Confusion). Description: The application expects a JWT signed with an asymmetric algorithm (RS256) and verifies it using a know...
1. Executive Summary Vulnerability: Path Traversal leading to JWT Signature Bypass. Description: The application uses the kid (Key ID) header in the JWT to locate the correct symmetric verificati...