⚠️ Pracivo Security Lab — Weak JWT (secret="secret"), alg:none bypass, mass assignment on /profile/<id>, GraphQL introspection
B
bob
45 followers
Role: user
Bob here

Edit Profile

Hint: Add a hidden field <input name="role" value="admin"> to the form and submit — mass assignment lets you change your own role.