-
Notifications
You must be signed in to change notification settings - Fork 0
JWT
Alnoman Kamil edited this page Oct 15, 2024
·
65 revisions
Apprentice lab:
JWT authentication bypass via unverified signature
Apprentice lab:
JWT authentication bypass via unverified signature
This lab uses a JWT-based mechanism for handling sessions. Due to implementation flaws, the server doesn't verify the signature of any JWTs that it receives.
To solve the lab, modify your session token to gain access to the admin panel at /admin, then delete the user carlos.
You can log in to your own account using the following credentials: wiener:peter
- Solution
Caution
JWT uses Base64url, which is slightly different from Base64.
| First Header | Second Header |
|---|---|
| Content Cell | Content Cell |
| Content Cell | Content Cell |
Solutions for the Portswigger's Web Security Academy using mitmproxy and other cli tools instead of Burp Suite
Server-side topics:
- SQL injection
- Authentication
- File path traversal
- OS command injection
- Business logic vulnerabilities
- Information disclosure
- Access control vulnerabilities
- File upload vulnerabilities
- Race conditions
- Server-side request forgery (SSRF)
- XML external entity (XXE) injection
- NoSQL injection
- API testing
- Web cache deception
Client-side topics:
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-origin resource sharing (CORS)
- Clickjacking
- DOM-based vulnerabilities
- WebSockets
Advanced topics: