
One post tagged with "JWT Vulnerabilities"

JWT vulnerabilities refer to weaknesses in JSON Web Tokens that can allow attackers to manipulate or forge tokens, thereby gaining unauthorized access to protected resources. Some common JWT vulnerabilities include token tampering, where an attacker modifies the payload of a valid token; token spoofing, where an attacker creates a fake token and presents it as legitimate; and key exposure, where the secret key used to sign tokens is compromised, allowing attackers to forge their own tokens.


HTB | Under Construction | Write-Up

16 min read

Summary:

We begin by preparing the challenge files, then perform source code analysis using VSCodium. As we work through the code, we identify vulnerabilities in the "requirements" section (CVE-2023-2142, CWE-1321), as well as a SQL Injection vulnerability within the "getUser()" function located in the "helpers/DBHelper.js" file. We also find further vulnerabilities in the "helper/JWT.js" file, specifically CVE-2022-23539, CVE-2022-23540, and CVE-2022-23541. We then exploit CVE-2022-23541 to gain access, followed by exploiting the SQL Injection vulnerability within the "getUser()" function.

As we navigate through the application, we determine the row and column numbers of interest. Next, we identify a table called "flag_storage" containing sensitive information, along with a specific column labeled "top_secret_flag". With this knowledge in hand, we retrieve the flag from its location. We then submit our findings, wrapping the flag in the HTB{...} notation, and declare the Challenge Completed once this is accomplished.

Challenge Name: Under Construction | Difficulty: Medium | Category: Web