JSON Web Tokens are everywhere — in cookies, Authorization headers, and API calls. But a misconfigured algorithm or a reusable key can turn this secure standard into a backdoor. Learn to spot the flaws that let you forge tokens and escalate privileges across entire organisations.
Press enter or click to view image in full size
Welcome back. You’ve mastered RCE, XXE, and SSRF. Now we dive into the world of authentication tokens: JSON Web Tokens (JWT) . JWT is a popular, stateless way to manage user sessions and API access. When implemented correctly, it’s secure. When misconfigured, it’s a treasure chest. This lesson covers three critical JWT vulnerabilities: algorithm switching to none , weak cryptographic keys that can be brute‑forced, and token reuse between development and production environments. Each of these can lead to full account takeover.
What Is a JWT? The Three‑Part Token
A JWT looks like:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Imd1ZXN0IiwiaWF0IjoxNTE2MjM5MD…