SAML roulette: the hacker always wins
- Added on 2025-03-19
- Page: https://portswigger.net/research/saml-roulette-the-hacker-always-wins
- #saml #red #xml #security
Introduction

In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library.