JWT Authentication Bypass via kid Header Path Traversal

👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. To verify the signature, the server uses the 'kid' (key ID) parameter in the JWT header to fetch the relevant key from its filesystem. To solve the lab, we'll forge a JWT that provides access to the admin panel, then delete the user carlos.

Overview:
0:00 Intro
0:13 Recap
0:38 JWT header parameter injections
1:30 Injecting self-signed JWTs via the kid parameter
3:30 Other interesting JWT header parameters
5:02 Lab: JWT authentication bypass via kid header path traversal
6:11 Solution #1: python
7:32 Solution #2: burp suite
10:45 Solution #3: jwt_tool
13:39 How to prevent JWT attacks
14:22 Additional best practice for JWT handling
14:44 Conclusion

If you're struggling with the concepts covered in this lab, please review the Introduction to JWT Attacks video first.

🧠 For more information, check out https://portswigger.net/web-security/jwt
🔗 @PortSwiggerTV challenge: https://portswigger.net/web-security/...
🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com
🐍 Python scripts demonstrated in this series can be found here: https://github.com/Crypto-Cat/CTF/tre...
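
For the "How to prevent JWT attacks" chapter, here is an added example (not taken from the video or the linked scripts) of the filesystem key lookup described above, with the unchecked join beside a hardened resolver. The `KID_PATTERN` format, the `.key` suffix and the directory layout are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

KID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed key-ID format


def naive_key_path(key_dir: Path, kid: str) -> Path:
    """Lookup as the lab describes it: kid is joined straight onto the key dir."""
    return (key_dir / kid).resolve()


def safe_load_key(key_dir: Path, kid) -> bytes:
    """Return key bytes for kid, or raise ValueError if kid is not acceptable."""
    if not isinstance(kid, str) or not KID_PATTERN.fullmatch(kid):
        raise ValueError("kid has unexpected format")
    base = key_dir.resolve()
    path = (base / f"{kid}.key").resolve()
    # Defence in depth: the resolved path must still sit directly in key_dir
    # (this also catches a symlink planted inside the directory).
    if path.parent != base or not path.is_file():
        raise ValueError("unknown kid")
    key = path.read_bytes()
    if not key:
        raise ValueError("empty key material")
    return key


def demo() -> dict:
    """Constructed layout: one legitimate key plus a file outside the key dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        key_dir = root / "keys"
        key_dir.mkdir()
        (key_dir / "k1.key").write_bytes(b"constructed-sample-secret")
        (root / "other.txt").write_bytes(b"not a key")
        escaped = naive_key_path(key_dir, "../other.txt")
        results = {"naive_escapes": key_dir not in escaped.parents}
        results["good"] = safe_load_key(key_dir, "k1")
        cases = [("traversal", "../other.txt"), ("missing", "k2"), ("non_string", None)]
        for label, kid in cases:
            try:
                safe_load_key(key_dir, kid)
                results[label] = "accepted"
            except ValueError as exc:
                results[label] = str(exc)
        return results


if __name__ == "__main__":
    print(demo())
```

Rejecting the token on any `ValueError` before signature verification keeps attacker-chosen `kid` values from ever selecting the verification key.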