Support SimpleSAMLphp Nov2019 auth bypass vulnΒ #47
Description
The popular SAML library SimpleSAMLphp had an auth bypass vuln in Nov 2019 here. This is a novel XSW attack that could be added into SAMLRaider functionality. I was able to manually replicate and exploit the vulnerability in a few vulnerable applications and can walkthrough the specifics. I don't know Java very well though - I'm a python developer. Maybe I can hack up some code and submit a PR to do this myself over Christmas break this year...