session-hijacking · multi-turn · MITRE: AML.T0054, AML.T0065Multi-turn attack to learn session token formats and forge authentication tokensRun it:bfla-exploit · single-turn · MITRE: AML.T0051.000, AML.T0065Call admin-level functions as a regular user via broken function-level authorizationRun it:bola-exploit · single-turn · OWASP: LLM02 · MITRE: AML.T0051.000, AML.T0065Manipulate object IDs to access other users’ data via broken object-level authorizationRun it:debug-mode-exploit · single-turn · MITRE: AML.T0054, AML.T0051.000Attempt to activate hidden debug, developer, or sudo modes to bypass restrictionsRun it: