<!DOCTYPE html> <html> <head> <title>Auth1</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" type="image/png" href="/public/img/favicon.ico"> <link href="/public/css/authlab.css" rel="stylesheet" type="text/css" /> <meta property="og:title" content="Authentication Lab - DigiNinja" /> <meta property="og:description" content="A set of authentication challenges covering a range of different technologies." /> <meta property="og:image" content="https://digi.ninja/graphics/twittercards/authlab_twittercard.png" /> <meta property="og:type" content="website" /> <meta property="og:sitename" content="DigiNinja" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:title" content="Authentication Lab - DigiNinja" /> <meta name="twitter:description" content="A set of authentication challenges covering a range of different technologies." /> <meta name="twitter:site" content="@digininja" /> <meta name="twitter:creator" content="@digininja" /> <meta name="twitter:domain" content="authlab.digi.ninja" /> <meta name="twitter:site" content="@digininja" /> <meta name="twitter:image" content="https://digi.ninja/graphics/twittercards/authlab_twittercard.png" /> </head> <body> <h1>CVE-2019-7644 - JWT Signature Disclosure</h1> <p> This challenge is based on the Auth0 vulnerability <a href="https://auth0.com/docs/security/bulletins/cve-2019-7644">CVE-2019-7644</a>. </p> <p> Update the JWT to make yourself an administrator and have it accepted by the system. </p> <p> <textarea class="jwt_textarea" id="leaky_jwt_textbox">eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsZXZlbCI6InVzZXIiLCJ1c2VyIjoic2lkIn0.Hnpn5k6NtrXn8qvOuiSsFjXhAolQGn3TfmGBvA7EGTU</textarea> </p> <p> If you get stuck, or want more information, see my <a href="https://digi.ninja/projects/authlab.php#landauth1">walkthrough</a>. 
</p> <h2>Auth1</h2> <form method="post" action="/Auth1_Login"> <label for="jwt">JWT</label> <textarea class="jwt_textarea" id="jwt" name="jwt" autofocus></textarea><br /> <input type="submit" value="Login" /> </form> <p> <a href="/">Back to home</a> </p> <hr /> <p> Lab created by Robin Wood - <a href="https://digi.ninja">DigiNinja</a> </p> </body> </html>
