JWT - Unverified Signature

Signature

The signature of a JWT exists to protect the integrity of the token's header and payload. If the server implements signature handling badly, a web user can access resources or perform actions they were never granted rights to.

It is worth checking whether the web server actually verifies the signature. If it does not, an attacker can craft and submit a JWT with arbitrary claim values and reach resources they should not have access to.

The image below shows that the Admin interface is only available to an administrator.

The web request below includes a Cookie header whose value is a JWT. This token is sent with every request to the server and is used to decide whether the client is authorised to access the requested resource or perform the requested action.

The JWT Editor Burp Suite extension can decode the token. The image below shows that the JWT is made of three parts (Header, Payload and Signature). In this case, the sub claim in the Payload section tells us for whom the token was issued.

Using the JWT Editor Burp Suite extension, modify the "sub" claim from "wiener" to "administrator" and resend the request, leaving the Signature part untouched, in the hope of accessing the administrator panel. Because the signature still covers the original payload, a successful response proves the server never checked it.
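The following Python example is added here to show the whole check end to end; it is not code from the original page or from the JWT Editor extension. It issues an HS256 token for "wiener", rewrites the sub claim to "administrator" while keeping the original (now invalid) signature, exactly as the Burp edit above does, and then runs the forged token through a hypothetical vulnerable authoriser that only decodes the payload and a hardened one that recomputes the HMAC first. The secret, the claim names and both authoriser functions are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical server-side HS256 secret, assumed for this example only.
SECRET = b"example-secret-not-from-the-page"


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    """Restore the padding base64url strips before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _json_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Issue a token the way a correct server would: HMAC-SHA256 over header.payload."""
    signing_input = f"{_json_segment(header)}.{_json_segment(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def decode_parts(token: str):
    """Split a compact JWT into (header dict, payload dict, signature segment)."""
    header_seg, payload_seg, sig_seg = token.split(".")
    return json.loads(b64url_decode(header_seg)), json.loads(b64url_decode(payload_seg)), sig_seg


def tamper_sub(token: str, new_sub: str) -> str:
    """Rewrite the sub claim but keep the ORIGINAL signature: the attacker has no key
    and cannot re-sign, so this mirrors editing the Payload in JWT Editor."""
    header_seg, _, sig_seg = token.split(".")
    _, payload, _ = decode_parts(token)
    payload["sub"] = new_sub
    return f"{header_seg}.{_json_segment(payload)}.{sig_seg}"


def vulnerable_authorize(token: str) -> bool:
    """The flaw under discussion: decode the payload and trust it, never check the signature."""
    _, payload, _ = decode_parts(token)
    return payload.get("sub") == "administrator"


def hardened_authorize(token: str, secret: bytes) -> bool:
    """Verify alg and signature before any claim is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header_seg, payload_seg, sig_seg = parts
    header = json.loads(b64url_decode(header_seg))
    if header.get("alg") != "HS256":  # refuse "none" and algorithm confusion
        return False
    expected = hmac.new(secret, f"{header_seg}.{payload_seg}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_seg)):
        return False
    payload = json.loads(b64url_decode(payload_seg))
    return payload.get("sub") == "administrator"


def demo() -> dict:
    """Run both authorisers on the genuine token and on the forged one."""
    original = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "wiener"}, SECRET)
    forged = tamper_sub(original, "administrator")
    return {
        "vulnerable_original": vulnerable_authorize(original),
        "vulnerable_forged": vulnerable_authorize(forged),
        "hardened_original": hardened_authorize(original, SECRET),
        "hardened_forged": hardened_authorize(forged, SECRET),
    }


if __name__ == "__main__":
    print(demo())
```

Only the vulnerable authoriser accepts the forged token: the hardened one rejects it because the HMAC no longer matches the edited payload. Note that the hardened check also pins the expected alg; verifying a signature with whatever algorithm the token names is a separate class of JWT bug.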
