Traversal
MediumWeb Security
Overview
Our new secure note-taking app lets you store your thoughts with style! Choose from our gallery of thumbnails to personalize your entries. We've implemented robust authentication with JWT tokens, so your notes stay private and secure... or do they? Flag Format: flag{}
Lab Details
Prerequisites & Requirements
- Basic understanding of web applications and HTTP
- Knowledge of JWT (JSON Web Tokens)
- Familiarity with path traversal vulnerabilities
- Understanding of SQL injection
- Python with the JWT library
What will you learn?
- How to identify and exploit Local File Disclosure vulnerabilities
- JWT token forgery techniques
- Second-order SQL injection exploitation
- Bypassing authentication mechanisms
- Chaining multiple vulnerabilities for privilege escalation
Tools
- Web browser
- Burp Suite or similar proxy tool
- Python with JWT library
- Basic text editor
Job Positions
Penetration Tester
Tags
Sql InjectionJwtBroken Access ControlDirectory TraversalOwasp Top 10