PortSwigger JWT — Lab 2

ARZ101
Jul 7, 2022


JWT authentication bypass via flawed signature verification

In this lab we need to bypass authentication via flawed JWT signature verification: by modifying the token we become the administrator user and access /admin. We can log in as a normal user with the credentials wiener:peter.

We can try accessing /admin, but only the administrator user is allowed to access it.

Checking the session cookie in the developer tools:

We can see a JWT, which can be analyzed at https://token.dev/

I tried modifying the username to administrator

But changing the JWT just logs the user out.

It could be that the server doesn't validate which algorithm is being used, so we can try setting alg to none.

We also need to add a . at the end of the payload part, since the token must still have three dot-separated parts even when the signature is empty.

After deleting the carlos user, the lab is solved.
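
The flaw this lab relies on, a verifier that lets the token's own alg header decide whether a signature is checked, next to a verifier that pins the algorithm server-side. This is an added example, not part of the original write-up or the lab's code; HS256, the `KEY` value, the `sub` claim and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: sample secret, not from the lab

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header, claims, key=None):
    """Build a constructed sample token; key=None leaves the signature part empty."""
    signing_input = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    sig = b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest()) if key else ""
    return signing_input + "." + sig

def verify_flawed(token, key):
    """Flawed: the attacker-controlled header chooses how the token is verified."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg", "").lower() == "none":
        return json.loads(b64d(body))  # no signature check at all
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(b64d(body))

def verify_strict(token, key):
    """Hardened: the algorithm is fixed by the server and the header must match it."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("missing signature")
    head, body, sig = parts
    if json.loads(b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(b64d(body))

if __name__ == "__main__":
    unsigned = make_token({"alg": "none", "typ": "JWT"}, {"sub": "administrator"})
    print("flawed verifier returns:", verify_flawed(unsigned, KEY))
    try:
        verify_strict(unsigned, KEY)
    except ValueError as err:
        print("strict verifier rejects:", err)
```

In production code the same effect comes from passing an explicit allow-list of algorithms to the JWT library's verify call instead of reading the algorithm from the token.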
