Added test cases for solving the lesson

Nanne Baars
2018-05-21 18:42:50 +02:00
parent 60ef35e241
commit fd96ba18f1
4 changed files with 88 additions and 4 deletions

@ -22,4 +22,4 @@ jwt-final-hint2=The 'kid' (key ID) header parameter is a hint indicating which k
jwt-final-hint3=The key can be located on the filesystem in memory or even reside in the database
jwt-final-hint4=The key is stored in the database and loaded while verifying a token
jwt-final-hint5=Using a SQL injection you might be able to manipulate the key to something you know and create a new token.
jwt-final-hint6=Use: key1' union all select 'abcdefg' limit 1,1 -- And change the contents of the token to Tom and hit the endpoint with the new token
jwt-final-hint6=Use: hacked' UNION select 'deletingTom' from INFORMATION_SCHEMA.SYSTEM_USERS -- as the kid in the header and change the contents of the token to Tom and hit the endpoint with the new token
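Review bot: The replacement jwt-final-hint6 (last line of the hunk) gives the value to put in the kid header but never states that the selected string 'deletingTom' is then the key the new token has to be signed with, so the learner is left to infer it from hint5. Suggest closing the hint with wording such as "sign the new token with the key deletingTom". The hint now also depends on INFORMATION_SCHEMA.SYSTEM_USERS being present in the lesson database, where the previous text used limit 1,1 instead; a line in the commit message on why the query changed would help whoever maintains the hints if the backing database is ever swapped.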