CTF-Writeups/Portswigger/JWT/Lab2.md
2022-07-07 15:39:37 +05:00

Portswigger JWT - Lab 2

JWT authentication bypass via flawed signature verification

In this lab we need to bypass authentication via flawed JWT signature verification: by modifying the token we become the administrator user and can access /admin. We can log in as a normal user with the credentials wiener:peter.

We can try accessing /admin, which only the administrator user is allowed to access

Checking the session cookie from developer tools

We can see a JWT token which can be analyzed by going to https://token.dev/

I tried modifying the username to administrator

But when changing the JWT it just logs out the user

It could be that the server doesn't validate which algorithm is being used, so we can try setting alg to none

We also need to add a "." at the end of the payload part, so the token still has three parts with an empty signature

After deleting the carlos user, the lab is solved
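
Why the server accepted the modified token, shown as an added example that is not part of the original writeup or the lab's code: a verifier that lets the token's own alg header decide whether a signature is checked, next to one that pins HS256 and always requires a signature. The secret, the sub claim and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed key, not taken from the lab

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, alg: str = "HS256") -> str:
    """Build a sample token; with alg 'none' the signature part is empty."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}"
    sig = b64url_encode(hs256(signing_input)) if alg == "HS256" else ""
    return f"{signing_input}.{sig}"

def verify_flawed(token: str):
    """Flawed: the algorithm is read from the attacker-controlled header."""
    header_b64, payload_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(payload_b64))  # signature never checked
    return verify_strict(token)

def verify_strict(token: str):
    """Hardened: algorithm pinned server-side, non-empty signature required."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        return None
    header_b64, payload_b64, sig = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        given = b64url_decode(sig)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    if not hmac.compare_digest(hs256(f"{header_b64}.{payload_b64}"), given):
        return None
    return json.loads(b64url_decode(payload_b64))
```

verify_strict returns None for any token whose header does not name the pinned algorithm or whose signature does not match, so a changed payload fails either way.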