I found this vulnerability about a few months ago, it was a “simple” mistake that I managed to access the Admin panel of a very well-known site. And I have permission to publish this… For those who…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A simple JWT vulnerability allowed access to an admin panel on a well-known site. Although JWTs should be signed by a server for security, this example highlights how a minor mistake in implementation can lead to significant security breaches. The author used Burp Suite to identify and exploit the flaw, demonstrating how changes to JWT parameters can bypass authentication if the server's validation is flawed.

JWT Authentication Bypass leads to Admin Control Panel

<p>Well nice demo but you should givr more explanation what fix could be done to avoid vulns</p>
