Saml Misconfiguration

R3zk0n ยท October 2, 2025

Evasion
Contents

    SAML Misconfiguration

    Introduction

    https://www.youtube.com/watch?v=uD87fLN1zPU

    • No signature verification
    • Bypass signature verification using non-existent user
    • Comment injection
    • SAML Replay and XXE

    https://www.youtube.com/watch?v=B9wOfeFtjXk

    Twitter, Facebook