The Fragile Lock: Novel Bypasses For SAML Authentication

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

---
来源: PortSwigger
原文链接: https://portswigger.net/research/the-fragile-lock