⚠️ Pracivo Security Lab — Weak JWT (secret="secret"), alg:none bypass, mass assignment on /profile/<id>, GraphQL introspection
A
alice
120 followers
Role: user
Hello I am Alice

Edit Profile

Hint: Add a hidden field <input name="role" value="admin"> to the form and submit — mass assignment lets you change your own role.