https://stream.echo6.co/videos/watch/38e7ed2c-f605-4578-a453-f0c451c59116 Join Intigriti here: https://go.intigriti.com/ippsec 00:00 - Intro 00:54 - Enumerating the application utilizes Laravel based upon a default cookie name. 01:30 - Jumping into a PHP Interpreter to show off the Type confusion bug. 03:30 - Trying the same thing in Python, Javascript, Ruby, and showing that they aren't vulnerable in this way. 05:30 - Talking about the importance of the Laravel API Middleware 07:30 - Converting the GET request to have JSON Data 08:40 - Changing the JSON Data to pass a boolean for password 09:50 - Bypassing login with type confusion 10:30 - Sponsor highlight Intigriti 12:48 - End of sponsor highlight 13:30 - Looking at the Laravel Code to find where the route is for the custom login function 14:00 - Showing the vulnerable function Mon, 13 Apr 2026 11:58:03 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/38e7ed2c-f605-4578-a453-f0c451c59116 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.