Portswigger JWT — Lab 2

JWT authentication bypass via flawed signature verification

In this lab we need bypass authentication via flawed JWT signature verification to become the administrator user by modifying token and access /admin , we can login with the credentials wiener:peter as a normal user

We can try accessing /admin , which only allows the administrator user to access it

Checking the session cookie from developer tools

We can see a JWT token which can be analyzed by going to https://token.dev/

I tried modifying the name username to administrator

But when changing the JWT it just logs out the user

It could be that it doesn’t valid what algorithm is being used so we can try to set alg to none

But also to add . at the end of payload part

After deleting carlos user we can solve the lab

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store