One post tagged with "JWT"

JSON Web Tokens (JWTs) are compact, URL-safe tokens that contain data about a user's identity or authentication credentials. They are commonly used for token-based authentication systems, allowing users to authenticate with servers and access protected resources without the need for traditional cookie-based sessions. JWTs are digitally signed and can be verified by anyone in possession of the associated secret key, making them a popular choice for API security and single-sign-on (SSO) applications.

HTB | Under Construction | Write-Up

· 16 min read

Summary:

We set up the challenge files, then perform source code analysis using VSCodium. In the code, we identify vulnerabilities in the "requirements" section (CVE-2023-2142, CWE-1321), as well as a SQL injection vulnerability in the "getUser()" function located in the "helpers/DBHelper.js" file. We also find further vulnerabilities in the "helper/JWT.js" file, specifically CVE-2022-23539, CVE-2022-23540, and CVE-2022-23541. We then exploit CVE-2022-23541 to gain access, followed by the SQL injection vulnerability in the "getUser()" function.

Working through the application, we determine the selected row and column number of interest. Next, we identify a table called "flag_storage" containing sensitive information, with a specific column named "top_secret_flag", and grab the flag from it. Finally, we submit the flag wrapped in the HTB{...} notation, which completes the challenge.

Challenge Name: Under Construction | Difficulty: Medium | Category: Web