JWT authentication bypass via algorithm confusion with no exposed key

preview_player
Показать описание
Esta práctica de laboratorio usa un mecanismo basado en JWT para manejar sesiones. Utiliza un sólido par de claves RSA para firmar y verificar tokens. Sin embargo, debido a fallas de implementación, este mecanismo es vulnerable a ataques de confusión de algoritmos.

Para resolver la práctica de laboratorio, primero obtenga la clave pública del servidor. Use esta clave para firmar un token de sesión modificado que le da acceso al panel de administración en /admin, luego elimine el usuario carlos.

Puede iniciar sesión en su propia cuenta con las siguientes credenciales: wiener:peter
Consejo

Recomendamos familiarizarse con cómo trabajar con JWT en Burp Suite antes de intentar este laboratorio.

Insinuación

Puede suponer que el servidor almacena su clave pública como un archivo PEM X.509.

Script:
  1. Bug Bounty España
Рекомендации по теме
JWT Authentication Bypass 0:12:24

JWT Authentication Bypass via Algorithm Confusion

JWT authentication bypass 0:07:02

JWT authentication bypass via algorithm confusion | PortSwigger Academy tutorial

JWT authentication bypass 0:06:15

JWT authentication bypass via algorithm confusion with no exposed key | PortSwigger Academy tutorial

JWT authentication bypass 0:02:28

JWT authentication bypass via algorithm confusion

JWT authentication bypass 0:07:09

JWT authentication bypass via algorithm confusion with no exposed key

JWT authentication bypass 0:04:31

JWT authentication bypass via algorithm confusion

JWT authentication bypass 0:02:32

JWT authentication bypass via algorithm confusion

JWT Authentication Bypass 0:07:34

JWT Authentication Bypass via Algorithm Confusion with No Exposed Key

JWT authentication bypass 0:06:27

JWT authentication bypass via algorithm confusion with no exposed key

JWT authentication bypass 0:08:20

JWT authentication bypass via algorithm confusion

JSON Web Token 0:05:08

JSON Web Token Attacks: LAB #7 - JWT Authentication Bypass Via Algorithm Confusing

Lab: JWT authentication 0:05:01

Lab: JWT authentication bypass via algorithm confusion

Web Security Academy 0:36:59

Web Security Academy | JWT | 7 - JWT Authentication Bypass Via Algorithm Confusion

JWT Attacks #7 0:10:31

JWT Attacks #7 - JWT authentication bypass via algorithm confusion

JWT Authentication Bypass 0:14:02

JWT Authentication Bypass via jwk Header Injection

JWT authentication bypass 0:07:30

JWT authentication bypass via algorithm confusion with no exposed key

JWT authentication bypass 0:07:30

JWT authentication bypass via algorithm confusion with no exposed key

JWT authentication bypass 0:02:51

JWT authentication bypass via weak signing key

JWT authentication bypass 0:08:20

JWT authentication bypass via algorithm confusion

JWT Attacks #8 0:08:35

JWT Attacks #8 - JWT authentication bypass via algorithm confusion with no exposed key

JSON Web Token 0:06:25

JSON Web Token Attacks:LAB#8 - JWT Authentication Bypass Via Algorithm Confusing With No Exposed Key

Lab: JWT authentication 0:25:21

Lab: JWT authentication bypass via algorithm confusion with no exposed key

JWT Authentication Bypass 0:10:56

JWT Authentication Bypass via Flawed Signature Verification

JWT Authentication Bypass 0:12:35

JWT Authentication Bypass via Weak Signing Key