PHP Snippet #03

This challenge covers the review of a snippet of code written in PHP

PRO
Tier
Easy
< 1 Hr.
1154

Course


The Code Review Snippet challenges are designed to test your ability to identify vulnerabilities in small code snippets. This specific lab, jwt.php, involves a PHP script that processes JSON Web Tokens (JWT). The script splits the JWT into parts, decodes the header, and checks if the algorithm specified in the token is among the allowed algorithms.

A key issue in this code is the use of the `in_array` function without strict comparison, allowing an attacker to manipulate the algorithm parameter to bypass security checks. By setting the algorithm to a value like '0', the loose comparison in `in_array` can erroneously validate the token, posing a significant security risk. The developer should ensure that strict comparison is used in the `in_array` function to prevent such vulnerabilities.

Want to learn more? Get started with PentesterLab Pro! GO PRO