Showing results for: jwt

18 results found

JSON Web Token
| Exercise

This exercise covers the exploitation of a signature weakness in a JWT library.

JSON Web Token II
| Exercise

This exercise covers the exploitation of an issue with some implementations of JWT

JWT III
| Exercise

This exercise covers the exploitation of an issue in the usage of JWT token

JWT IV
| Exercise

This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP

JWT V
| Exercise

This exercise covers the exploitation of a trivial secret used to sign JWT tokens.

JWT VI
| Exercise

This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism

JWT VII
| Exercise

This exercise covers the exploitation of a website using JWT for session without verifying the signature

JWT VIII
| Exercise

This exercise covers how to use the jku header to bypass an authentication based on JWT.

JWT IX
| Exercise

This exercise covers how to use the jku header to bypass an authentication based on JWT.

JWT X
| Exercise

This exercise covers how to use the jku header to bypass an authentication based on JWT.

JWT XI
| Exercise

This exercise covers how to use the jku header to bypass an authentication based on JWT.

JWT XII
| Exercise

This exercise covers how to use the x5u header to bypass an authentication based on JWT.

JSON Web Token XIII
| Exercise

This exercise covers the exploitation of algorithm confusion when no public key is available

CVE-2018-0114
| Exercise

This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT

CVE-2022-21449
| Exercise

This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT

JSON Web Token XIV: Algorithm Confusion with ECDSA
| Exercise

This exercise covers the exploitation of algorithm confusion when no public key is available with a ECDSA key

JSON Web Token XV: CVE-2022-39227
| Exercise

This exercise covers the exploitation of polyglot token against python_jwt (CVE-2022-39227)

API JWT REVOCATION
| Exercise

This exercise covers how to bypass a weak JWT Revocation Mechanism.

Didn't find what you were after?

or contact us at: