· Manuel López Pérez · writeups
Attacking JSON Web Token (JWT)
Explanation of how to exploit a JWT vulnerability by changing the algorithm (RS256 → HS256) and using the public key as the secret. PoC based on the Moar Horse 4 challenge from TJCTF 2020.