JWT Authentication Bypass via Weak Signing Key – PortSwigger Write-Up
Learn to exploit JWT vulnerabilities with weak signing keys in this PortSwigger lab write-up on JWT authentication.
Jun 12, 2023 Juan Antonio González Mena
PortSwigger Labs
29 articles
JWT authentication bypass via flawed signature verification – PortSwigger Write Up
Walkthrough of the PortSwigger lab on JWT authentication bypass through flawed signature verification, exploring how to exploit servers that accept unsigned tokens with the 'none' algorithm.
May 15, 2023 Juan Antonio González Mena
JWT authentication bypass via unverified signature – PortSwigger Write Up
Walkthrough of the PortSwigger lab on JWT authentication bypass through unverified signatures, explaining how to exploit this vulnerability when the server doesn't properly validate token signatures.
May 1, 2023 Juan Antonio González Mena
CSRF vulnerability with no defenses – PortSwigger Write Up
Learn how to exploit a CSRF vulnerability without defenses in PortSwigger Lab. Step-by-step guide to create a malicious HTML page that changes the victim's email through Cross-Site Request Forgery.
Jun 14, 2022 Juan Antonio González Mena
Exploiting Cross-site Scripting to steal Cookies – PortSwigger Write Up
Learn how to exploit stored XSS vulnerabilities to steal session cookies and perform Session Hijacking in this PortSwigger lab.
May 5, 2022 Juan Antonio González Mena
Stored DOM XSS – PortSwigger Write Up
Learn how to exploit stored DOM XSS vulnerabilities in the comments functionality and how to bypass JavaScript's replace() method.
May 4, 2022 Juan Antonio González Mena
Reflected DOM XSS – PortSwigger Write Up
Learn how to exploit a Reflected DOM XSS vulnerability in PortSwigger Lab. Step-by-step guide to identify and exploit an insecure script that processes reflected data in the DOM in a vulnerable way.
May 3, 2022 Juan Antonio González Mena
DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded – PortSwigger Write Up
Learn how to exploit a DOM XSS in AngularJS expressions in PortSwigger Lab. Step-by-step guide to execute JavaScript through Angular expressions when angle brackets and double quotes are HTML-encoded.
Apr 5, 2022 Juan Antonio González Mena
DOM XSS in document.write sink using source location.search inside a select element – PortSwigger Write Up
Learn how to exploit DOM XSS in document.write by escaping from a select element and executing arbitrary JavaScript code.
Mar 31, 2022 Juan Antonio González Mena