50

Authentication feature was only checking the length of the auth header instead of the actual content. I abused this to make a request to our API from inside our system with a junk header, so we were basically hacking ourselves...

Comments
Add Comment