JWT XI

This exercise covers how to use the jku header to bypass JWT-based authentication.

PRO Hard 1-2 Hrs. 690 Green Badge
Course

In this exercise, you'll learn how to exploit the jku header in a JWT token to forge a token that grants admin access. This involves using a header injection vulnerability to bypass URL restrictions and serve a malicious JWK file.

Skills covered
Cryptography
Topics
JWT
cwe-310
Included with PRO
Full course content 3 videos
