JWT IX


This exercise covers how to use the jku header to bypass JWT-based authentication.

PRO Hard < 1 Hr. 911 Green Badge
Course

In this exercise, you will learn how to exploit the jku header in JWT tokens to become an admin by forging a token. This involves creating a malicious JWK file, uploading it to the server, and bypassing URL restrictions.

Skills covered
Injection Authentication
Topics
JWT
cwe-310
Included with PRO
Full course content 2 videos
