JWT Authentication Bypass via jwk Header Injection
Learn about JSON Web Token (JWT) vulnerabilities. The server supports the jwk (JSON Web Key) parameter in the JWT header. This is sometimes used to embed the correct verification key directly in the token. However, the server fails to check whether the provided key came from a trusted source. To solve the lab, we'll modify and sign a JWT that provides access to the admin panel, then delete the user carlos.
Overview:
0:00 Intro
0:13 Recap
0:38 JWT header parameter injections
1:30 Injecting self-signed JWTs via the jwk parameter
2:17 Symmetric vs asymmetric algorithms
3:40 JWT Editor extension (Burp)
4:26 Lab: JWT authentication bypass via jwk header injection
5:43 Solution #1: Python
8:59 Solution #2: Burp Suite
10:34 Solution #3: jwt_tool
13:18 Conclusion
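The missing check named in the description, whether the key in the jwk header came from a trusted source, can be made before any signature verification by pinning RFC 7638 thumbprints of the server's own keys. This is an added example, not code from the video or the lab; the function names and the sample keys and tokens are constructed, and signature verification itself (done with a JWT library) would follow only when the check passes.

```python
import base64
import hashlib
import json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint of an RSA public JWK (members e, kty, n only)."""
    members = {k: jwk[k] for k in ("e", "kty", "n")}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url_encode(hashlib.sha256(canonical.encode()).digest())

def check_embedded_key(token, pinned_thumbprints):
    """Decide, before any signature check, whether the header's jwk may be used."""
    try:
        header = json.loads(b64url_decode(token.split(".")[0]))
    except ValueError:
        return False, "malformed header"
    if not isinstance(header, dict):
        return False, "malformed header"
    jwk = header.get("jwk")
    if jwk is None:
        return True, "no embedded key: verify with the server's own key set"
    if (not isinstance(jwk, dict) or jwk.get("kty") != "RSA"
            or not all(isinstance(jwk.get(k), str) for k in ("e", "n"))):
        return False, "malformed jwk"
    if jwk_thumbprint(jwk) not in pinned_thumbprints:
        return False, "embedded jwk is not a pinned key"
    return True, "embedded jwk matches a pinned key"

def make_token(header):
    """Constructed sample token; payload and signature are placeholders."""
    enc = lambda obj: b64url_encode(json.dumps(obj).encode())
    return ".".join([enc(header), enc({"sub": "sample-user"}), "c2ln"])

# Constructed sample keys (not real moduli).
SERVER_JWK = {"kty": "RSA", "e": "AQAB", "n": "c2VydmVyLW1vZHVsdXM", "kid": "srv-1"}
OTHER_JWK = {"kty": "RSA", "e": "AQAB", "n": "b3RoZXItbW9kdWx1cw", "kid": "srv-1"}
PINNED = {jwk_thumbprint(SERVER_JWK)}

if __name__ == "__main__":
    for name, jwk in (("server key", SERVER_JWK), ("unknown key", OTHER_JWK)):
        print(name, check_embedded_key(make_token({"alg": "RS256", "jwk": jwk}), PINNED))
```

The thumbprint covers only the key material, so an embedded key that reuses a trusted `kid` is still rejected; a rejection with the reason "embedded jwk is not a pinned key" is also a useful event to log.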