Course
This PentesterLab exercise focuses on exploiting vulnerabilities in Ruby's <code>open</code> method to gain code execution. Inspired by CVE-2017-17405, the lab demonstrates how to differentiate between <code>File.open</code> and <code>open</code>, and how to leverage this knowledge to execute arbitrary commands.
Skills covered
Injection
Authentication
Cryptography
Operating System
Topics
JWT
cwe-310