valorin, 8 months ago

One of my favourite (and oh so simple) hacker tricks is to abuse JSON support in APIs and pass TRUE instead of the actual API key. If the code does loose comparison, you don't need the key! 😎 😈 🍿
https://securinglaravel.com/p/security-tip-type-juggling #PHP #Laravel