⚠️ Pracivo Security Lab — Weak JWT secret, alg:none bypass, mass assignment on profile update, GraphQL injection.
alice
120 followers
Role: user
Hello I am Alice
Edit Profile
Hint: Add a hidden field <input name="role" value="admin"> to the form and submit — mass assignment lets you change your own role.
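Why the hint works, and the fix, as an added example that is not the lab's own code: a profile-update handler that copies every submitted field onto the user record, next to one that copies only allow-listed fields. The function names, the record layout, the `EDITABLE_FIELDS` list and the 280-character bio limit are assumptions made for illustration.

```javascript
// Constructed stand-in for the lab's user record; values mirror the profile page.
function makeUser() {
  return { username: "alice", bio: "Hello I am Alice", role: "user", followers: 120 };
}

// Vulnerable pattern: every submitted form field is bound to the record,
// so a "role" field in the request body is persisted like any other field.
function updateProfileVulnerable(user, body) {
  return Object.assign(user, body);
}

// Fields a user may change on their own profile (assumed allow-list).
const EDITABLE_FIELDS = ["bio"];
const MAX_BIO_LENGTH = 280; // assumed limit

// Hardened pattern: copy only allow-listed string fields and report the rest,
// so role changes have to go through a separate, authorized admin path.
function updateProfileSafe(user, body) {
  const rejected = [];
  for (const [key, value] of Object.entries(body)) {
    if (EDITABLE_FIELDS.includes(key) && typeof value === "string") {
      user[key] = value.slice(0, MAX_BIO_LENGTH);
    } else {
      rejected.push(key); // worth logging: unexpected fields signal tampering
    }
  }
  return { user, rejected };
}

// Constructed request body: the normal bio field plus the extra role field.
const submitted = { bio: "Hello again", role: "admin" };

const before = updateProfileVulnerable(makeUser(), submitted);
console.log("vulnerable handler role:", before.role);

const after = updateProfileSafe(makeUser(), submitted);
console.log("hardened handler role:", after.user.role, "rejected:", after.rejected);
```

Logging the rejected field names gives detection coverage as well: a `role` key arriving at a self-service profile endpoint never comes from the unmodified form.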