JWT Authentication Bypass via kid Header Path Traversal

Опубликовано: 18 Июль 2023
на канале: Intigriti

5,317

👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. In order to verify the signature, the server uses the 'kid' (key ID) parameter in JWT header to fetch the relevant key from its filesystem. To solve the lab, we'll forge a JWT that provides access to the admin panel, then delete the user carlos.

Overview:
0:00 Intro
0:13 Recap
0:38 JWT header parameter injections
1:30 Injecting self-signed JWTs via the kid parameter
3:30 Other interesting JWT header parameters
5:02 Lab: JWT authentication bypass via kid header path traversal
6:11 Solution #1: python
7:32 Solution #2: burp suite
10:45 Solution #3: jwt_tool
13:39 How to prevent JWT attacks
14:22 Additional best practice for JWT handling
14:44 Conclusion

If you're struggling with the concepts covered in this lab, please review the Introduction to JWT Attacks video first: • Introduction to JWT Attacks 🧠
For more information, check out https://portswigger.net/web-security/jwt

🔗 ‪@PortSwiggerTV‬ challenge: https://portswigger.net/web-security/...

🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by / _cryptocat ( ‪@_CryptoCat‬ ) & / intigriti

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

🐍 Python scripts demonstrated in this series can be found here: https://github.com/Crypto-Cat/CTF/tre...