JWT
Alnoman Kamil edited this page Oct 15, 2024 · 65 revisions
Apprentice lab: JWT authentication bypass via unverified signature
This lab uses a JWT-based mechanism for handling sessions. Due to implementation flaws, the server doesn't verify the signature of any JWTs that it receives.
To solve the lab, modify your session token to gain access to the admin panel at /admin, then delete the user carlos.
You can log in to your own account using the following credentials: wiener:peter
Solution
- Log in as `wiener:peter`.
- Notice the cookie is a JWT. Run `jwt_tool`: `../jwt_tool.py <token> -T`
- Tamper with it, replacing `wiener` -> `administrator`.
- Open the browser's developer tools and, under the Storage tab in cookies, replace the value with the one generated by the tool.
- Delete Carlito.
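The server-side flaw this lab relies on, next to a handler that rejects the tampered token. This is an added example, not code from the wiki or the lab; it assumes HS256 with a constructed key, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: HS256 with a server-side secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def claims_unverified(token: str) -> dict:
    """The lab's flaw: the payload is trusted and the signature never checked."""
    return json.loads(b64url_decode(token.split(".")[1]))

def claims_verified(token: str) -> dict:
    """Hardened: pin the algorithm, recompute the MAC, compare in constant time."""
    try:
        header, payload, sig = token.split(".")
        alg = json.loads(b64url_decode(header)).get("alg")
        given = b64url_decode(sig)
    except (ValueError, AttributeError):
        raise ValueError("malformed token") from None
    if alg != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload))

def swap_sub(token: str, sub: str) -> str:
    """Constructed test input: payload changed, original signature kept."""
    header, payload, sig = token.split(".")
    claims = {**json.loads(b64url_decode(payload)), "sub": sub}
    return f"{header}.{b64url(json.dumps(claims).encode())}.{sig}"
```

With `claims_unverified`, a token whose `sub` was changed is accepted as that user; `claims_verified` raises `ValueError("bad signature")` for the same token.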
Solutions for the Portswigger's Web Security Academy using mitmproxy and other cli tools instead of Burp Suite