SAML: Comment Injection II

This exercise covers the exploitation of a comment injection vulnerability in SAML.

PRO | Medium | < 1 Hr. | 633 | Authentication / Authorization Badge
Course

This lab covers the exploitation of an insecure SAML implementation, allowing a malicious user to become another user by manipulating the SAMLResponse from the Identity Provider (IDP). The exercise demonstrates how stripping XML comments can lead to vulnerabilities in Single Sign-On (SSO) systems.

Skills covered
Injection, Authentication, Cryptography
Included with PRO
Full course content, 3 videos
