ARZ101

JWT authentication bypass via flawed signature verification

In this lab we need to bypass authentication by exploiting flawed JWT signature verification: we modify the token to become the administrator user and access /admin. We can log in as a normal user with the credentials wiener:peter.
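For contrast with the flawed verification this lab relies on, here is what a strict server-side check looks like. This is an added example, not code from the lab or the original write-up; the key, the HS256 choice, the `sub` claim name and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed key, for this example only
PINNED_ALG = "HS256"                 # chosen by the server, never read from the token

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims: dict, key: bytes = SECRET) -> str:
    """Issue a token; stands in for the application's login step."""
    header = b64url_encode(json.dumps({"alg": PINNED_ALG, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def verify(token: str, key: bytes = SECRET) -> dict:
    """Return the claims only if the signature is valid; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("token must have three non-empty parts")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token")
    # Reject any header that does not name the pinned algorithm.
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        raise ValueError("unexpected algorithm")
    # Recompute the MAC over the exact bytes received and compare in constant time.
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    # The payload is parsed only after the signature has been checked.
    return json.loads(b64url_decode(payload_b64))

def is_admin(token: str) -> bool:
    """Authorization decision for /admin, based only on verified claims."""
    try:
        return verify(token).get("sub") == "administrator"
    except ValueError:
        return False
```

With this check, a token whose payload was edited after issuance, or whose signature part is missing, never reaches the claim comparison.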
