Course
In this exercise, you will learn how to exploit the jku header in JWTs to forge a token and gain admin privileges. We will use an Open Redirect vulnerability to bypass URL restrictions and manipulate the JWT.
Skills covered
Injection
Authentication
Authorisation
Cryptography
Operating System
Network
Topics
JWT
CWE-310