CTF-Writeups/Portswigger/JWT/Lab1.md

Portswigger JWT - Lab 1

Athentication bypass via unverified signature

In this lab we need to bypass the implementation flaw of the JWT token to login as the admin user, we can login as the normal user with the credentials wiener:peter

We are now logged in as wiener

Visiting /admin we can see a username administrator

To check the JWT token for this user we can go to developer tools, storage tab, we'll see the JWT in a session variable

We can analyze this token on the site https://token.dev/

Although it shows Signature Verification failed we can still try to modify the username if the server doesn't check the verification of the JWT

Now we need to replace the JWT with our forge JWT to become the administrator user

We can now delete Carlos user to solve the lab