This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism

< 1 Hr.
Blue Badge


This course delves into exploiting a vulnerability in the JSON Web Token (JWT) implementation used for authentication in a web application. Upon successful login, users are issued a JWT in a cookie. The exercise, inspired by BitcoinCTF challenges, guides users through creating a new user, inspecting the token, and using scripts to tamper with the token for admin access.

The primary focus is on a vulnerability in the 'kid' parameter in the JWT header, which, when not properly escaped, can lead to various types of attacks such as SQL injections and directory traversals. Through automation and careful manipulation of the 'kid' value, participants learn to identify and exploit these vulnerabilities, ultimately gaining admin privileges by signing a malicious JWT.

Want to learn more? Get started with PentesterLab Pro! GO PRO