This exercise covers the exploitation of a Signature Wrapping Issue in passport-saml (CVE-2022-39299)