AllAboutBugBounty/Misc/JWT Vulnerabilities.md

26 lines
862 B
Markdown
Raw Normal View History

2021-02-09 10:29:07 +00:00
# JWT Vulnerabilities
2022-06-15 10:38:42 +00:00
2021-02-09 10:29:07 +00:00
## Introduction
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
2022-06-15 10:38:42 +00:00
## How to exploit
2021-02-09 10:29:07 +00:00
1. Modify the algorithm to "none" algorithm
```
{
"alg": "none",
"typ": "JWT"
}
```
2. Modify the algorithm RS256 to HS256
If you change the algorithm from RS256 to HS256, the backend code uses the public key as the secret key and then uses the HS256 algorithm to verify the signature.
3. Bruteforce HS256
the HS256 key strength is weak, it can be directly brute-forced, such as using the secret string as a key in the PyJWT library sample code.
2022-06-15 10:38:42 +00:00
## Tools
* [jwt-hack](https://github.com/hahwul/jwt-hack)
## Reference
2021-02-09 10:29:07 +00:00
- [Hacking JSON Web Token (JWT)](https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6)