Lab: JWT authentication bypass via unverified signature



Look at the request to the account page.

Send it to Repeater.
Change the path from /myaccount?id=wiener to /myaccount.
Look at the JWT in the session token.

In the JWT payload, change wiener to administrator. The server never checks the signature, so the edited token is accepted as-is.

Now we can access the admin panel.

Paste the modified session token into the browser.

Visit the admin account.

Delete the user carlos in the admin panel.
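The root cause is a server that reads the token's claims without checking the signature. As an added example (not part of the original lab notes or of PortSwigger's code), the following Python contrasts that unverified decode with an HS256 check that pins the algorithm, recomputes the HMAC and rejects a token whose payload was edited; the secret, header and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values (not the lab's real key or token).
SECRET = b"constructed-demo-secret"
HEADER = {"alg": "HS256", "typ": "JWT"}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(payload: dict, key: bytes) -> str:
    signing_input = encode_segment(HEADER) + "." + encode_segment(payload)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def subject_unverified(token: str) -> str:
    # Vulnerable pattern: reads the claims and never checks the signature,
    # so any edited payload is trusted.
    _header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(payload))["sub"]

def subject_verified(token: str, key: bytes):
    # Hardened pattern: pin the algorithm, recompute the HMAC over
    # header.payload and compare in constant time before trusting claims.
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        return None
    return json.loads(b64url_decode(parts[1]))["sub"]

# A valid token for wiener, and the same token with only the payload edited.
VALID_TOKEN = sign_hs256({"sub": "wiener"}, SECRET)
_h, _p, _s = VALID_TOKEN.split(".")
EDITED_TOKEN = f"{_h}.{encode_segment({'sub': 'administrator'})}.{_s}"
```

The unverified decoder returns administrator for the edited token, while the verifying decoder returns None because the original signature no longer matches the payload.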
