mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-28 22:50:19 +00:00
1.2 KiB
1.2 KiB
Portswigger JWT - Lab 1
Athentication bypass via unverified signature
In this lab we need to bypass the implementation flaw of the JWT token to login as the admin user, we can login as the normal user with the credentials wiener:peter
We are now logged in as wiener
Visiting /admin
we can see a username administrator
To check the JWT token for this user we can go to developer tools, storage
tab, we'll see the JWT in a session
variable
We can analyze this token on the site https://token.dev/
Although it shows Signature Verification failed
we can still try to modify the username if the server doesn't check the verification of the JWT
Now we need to replace the JWT with our forge JWT to become the administrator user
We can now delete Carlos
user to solve the lab