18 results found
This exercise covers the exploitation of a signature weakness in a JWT library.
This exercise covers the exploitation of an issue with some implementations of JWT
This exercise covers the exploitation of an issue in the usage of JWT token
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
This exercise covers the exploitation of a trivial secret used to sign JWT tokens.
This exercise covers the exploitation of an injection in the kid element of a JWT. This injection can be used to bypass the signature mechanism
This exercise covers the exploitation of a website using JWT for session without verifying the signature
This exercise covers how to use the jku header to bypass an authentication based on JWT.
This exercise covers how to use the jku header to bypass an authentication based on JWT.
This exercise covers how to use the jku header to bypass an authentication based on JWT.
This exercise covers how to use the jku header to bypass an authentication based on JWT.
This exercise covers how to use the x5u header to bypass an authentication based on JWT.
This exercise covers the exploitation of algorithm confusion when no public key is available
This exercise details the exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT
This exercise covers the exploitation of CVE-2022-21449 against a Java Application relying on JWT
This exercise covers the exploitation of algorithm confusion when no public key is available with a ECDSA key
This exercise covers the exploitation of polyglot token against python_jwt (CVE-2022-39227)
This exercise covers how to bypass a weak JWT Revocation Mechanism.