[Web] JAuth (300 pts)
Last updated
Last updated
Most web application developers use third-party components without testing their security. Some of the past affected companies are:
Equifax (a US credit bureau organization) - breach due to unpatched Apache Struts web framework CVE-2017-5638
Mossack Fonesca (Panama Papers law firm) breach - unpatched version of Drupal CMS used
VerticalScope (internet media company) - outdated version of vBulletin forum software used
Can you identify the components and exploit the vulnerable one? The website is running
The website is running . Can you become an admin?
You can login as test with the password Test123! to get started.
Use the web browser tools to check out the JWT cookie.
The JWT should always have two (2) . separators.
The challenge gave us a login page. After login in, nothing interesting on the page, then I checked the login request to see what was going on. After login, I’ve got a user token, let’s go to and decode it. The notable field here is the role, I got the role of user, so what if we change it to admin?
I’ve tried to change the role to admin and tried again with a new token, but I failed.
After got a new token, I sent the request with the new token, luckily, this time I was right, then I got the flag
Hmm, wait, I could see that the token uses HS256 algorithms, and maybe it could lead to . I generated my new own token and change 2 values alg=none and role=admin
