PortSwigger Web Security Academy labs solved with curl. https://echoesofwhoami.github.io/CurlSwiggerLabs/ en-us Thu, 27 Feb 2026 00:00:00 GMT How to exploit weak JWT signing keys by bruteforcing the secret to forge administrator tokens and bypass authentication. https://echoesofwhoami.github.io/CurlSwiggerLabs/jwt-authentication-bypass-via-weak-signing-key/ https://echoesofwhoami.github.io/CurlSwiggerLabs/jwt-authentication-bypass-via-weak-signing-key/ Thu, 27 Feb 2026 00:00:00 GMT JWT How to exploit PHP insecure deserialization to inject arbitrary objects and trigger magic methods for remote file deletion. https://echoesofwhoami.github.io/CurlSwiggerLabs/php-deserialization-arbitrary-object-injection/ https://echoesofwhoami.github.io/CurlSwiggerLabs/php-deserialization-arbitrary-object-injection/ Tue, 24 Feb 2026 22:40:00 GMT Object Injection (PHP) How to bypass SSRF filters using an open redirection vulnerability, exploiting a chained attack to access internal admin interfaces. https://echoesofwhoami.github.io/CurlSwiggerLabs/ssrf-filter-bypass-open-redirection/ https://echoesofwhoami.github.io/CurlSwiggerLabs/ssrf-filter-bypass-open-redirection/ Sun, 20 Feb 2026 00:00:00 GMT SSRF