⚠️ Pracivo Security Lab — Weak JWT (secret="secret"), alg:none bypass, mass assignment on /profile/<id>, GraphQL introspection
R
ram
0 followers
Role: user
Pracivo student

Edit Profile

Hint: Add a hidden field <input name="role" value="admin"> to the form and submit — mass assignment lets you change your own role.