JWT VI

Bookmarked!

This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism

PRO Medium < 1 Hr. 2589 Blue Badge

Course

This course covers the exploitation of weaknesses in the usage of JSON Web Tokens (JWTs) for authentication, inspired by challenges from BitcoinCTF. The exercise demonstrates how to gain admin access by tampering with JWTs through automation and discovering vulnerabilities.

Skills covered

Injection Authentication Cryptography

Topics

JWT

cwe-310

Included with PRO

Full course content 3 videos

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account