Image Shows JWS vulnerability attack

What are JWT attacks?

To accomplish a malicious goal, an attacker alters a JWT and sends it to the server. Usually the objective is to bypass authentication and access controls so the attacker can impersonate another authenticated user.

What is JSON?

  • JSON stands for JavaScript Object Notation.
  • It is frequently used for communication between a web server and a client.
  • JSON makes data serialization and deserialization in web applications easier.
  • Important data, such as user information, is often stored in it.
  • Many RESTful APIs use JSON.

Serialization: Data is converted into JSON format before being sent to the server.

Deserialization: The data is converted back into a usable (native) format once it arrives at the server.

What is JSON Injection?

JSON Injection is an attack in which an attacker modifies data that the server processes as a JSON object.

If the server stores user data as a JSON string containing fields such as the account type, an attacker might try to insert extra JSON content to change the structure or meaning of the data, for instance by changing their own account type from “user” to “admin”.

What is the JWT format?

Three components make up a JWT (JSON Web Token): a header, a payload, and a signature. A dot (.) separates each component.

  • The header and payload are Base64URL-encoded JSON objects.
    • The header contains metadata about the token, including the signing algorithm.
    • The payload contains the actual “claims” about the user or session.

Anyone with access to the token can typically read or even change this data with ease. As a result, the cryptographic signature, which verifies that the token hasn’t been altered, is crucial to the security of any JWT-based system.

What is the impact of JWT attacks?

Typically, JWT attacks have a serious effect. An attacker may be able to take complete control of other users’ accounts by impersonating them or escalating their own privileges if they can generate their own legitimate tokens with arbitrary values.

Mitigation:

  • Always verify the JWT signature.
  • Use strong, secure secret keys or asymmetric keys.
  • Give tokens short expiration times (exp claim).
  • Verify key claims such as subject (sub), audience (aud), and issuer (iss).
  • Send JWTs only over HTTPS.
  • Put token revocation and blacklisting procedures in place.
  • Don’t include private information in the JWT payload.
  • Rotate signing keys frequently.
  • Reject tokens with invalid algorithms or alg: none.
  • Use secure client-side storage (such as HttpOnly cookies).
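To make the token structure and the first mitigation concrete, here is an added example (not code from the original post or from PortSwigger) that builds an HS256 token by hand, shows a decoder that trusts the payload without checking the signature, and next to it a hardened verifier that pins the algorithm, checks the HMAC, and validates exp and iss. The secret key and issuer value are constructed for the demo.

```python
import base64, hmac, hashlib, json, time

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encode_json(obj):
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(header, payload, key):
    # Compact JWS serialization: base64url(header).base64url(payload).base64url(HMAC)
    signing_input = encode_json(header) + "." + encode_json(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def decode_unverified(token):
    # VULNERABLE: reads the claims without ever checking the signature
    _, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(payload_b64))

def tamper(token, **new_claims):
    # Re-encodes the payload with changed claims but keeps the original signature;
    # this is the payload edit a non-verifying server will still accept
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload.update(new_claims)
    return ".".join([header_b64, encode_json(payload), sig_b64])

def verify_hs256(token, key, issuer, now=None):
    # HARDENED: pin the algorithm, check the HMAC in constant time, then exp and iss
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":   # also rejects "none" and any unexpected alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    if payload.get("iss") != issuer:
        raise ValueError("wrong issuer")
    return payload

KEY = b"constructed-demo-secret"  # constructed for this example, not a real key
ISSUER = "portswigger"            # constructed issuer value for the demo
```

A production service should use a maintained JWT library with the algorithm list pinned; the hand-rolled verifier above only illustrates which checks that library must perform.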

Supporting Material/References:

  1. https://portswigger.net/web-security/jwt
  2. https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html

Practical Time:

Report Summary: When I intercepted the JWT token used for authentication, I noticed that the server failed to validate the token’s signature. I was able to manufacture a legitimate token by changing the JWT payload to remove the signature verification and altering the sub claim from my username to administrator. I was able to enter the admin panel by sending this altered token in the Authorization header. Because of the server’s inability to validate the JWT signature, this verified an authentication bypass vulnerability.

POC

Step 1

  • Log in to the website using valid credentials.

Image Shows JWT Vulnerability Attacks login



Step 2

  • Choose the primary GET /my-account request from the Proxy > HTTP history tab, then send it to the Repeater tab.

Image Shows JWT Vulnerability Attacks


Step 3

  • To view the JWT payload, double-click on it. It will immediately decode the token and show your credentials, including iss, exp, and sub, in the Inspector panel on the right.

Image Shows JWT payload


Step 4

  • Click “Apply changes” after changing the value from wiener to Administrator.

Image Shows JWT payload


Step 5

Let’s attempt to get into the admin panel. If the response returns a 200 status code, we have successfully obtained access to the admin panel. Let’s check.

Image Shows JWT payload


Step 6

  • To verify that the admin panel is visible, look for the term “admin” in the response.

Image Shows JWT payload


Step 7

  • Let’s look at the user list. Two users are visible to us: “wiener” and “carlos”.

Image Shows JWT Vulnerability Attacks


Step 8

  • Delete the user “Carlos” to finish the lab. The “302 Found” response code that is returned indicates that the user has been successfully deleted.

Image Shows JWT Vulnerability Attacks


Step 9

  • Let’s check whether user “Carlos” has been removed. The notification “User deleted successfully” confirms the deletion.

Image shows JWT Vulnerability Attacks


Step 10

  • Congratulations, you solved the lab.

Image Shows JWT Vulnerability Attacks
