Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-0114 PoC — Cisco node-jose open source library 数据伪造问题漏洞

Source
https://github.com/n0m-d/CVE-2018-0114-Go
Associated Vulnerability
Title:Cisco node-jose open source library 数据伪造问题漏洞 (CVE-2018-0114)
Description:Cisco node-jose open source library是美国思科(Cisco)公司的一个基于Web浏览器和node.js的服务器的JSON对象签名和加密的开源库。 Cisco node-jose open source library 0.11.0之前的版本中存在安全漏洞,该漏洞源于node-jose使用了JSON Web Signature (JWS)标准。远程攻击者可通过移除原签名伪造有效的JWS对象利用该漏洞重新签名令牌。
Readme
# CVE-2018-0114 Proof of Concept

Reference: [CVE-2018-0114](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0114)

**Note:** For educational purposes only.

To generate a JWT with the claim "admin", run the following command in the project directory:

```sh
go run . --claim=admin
```

```sh
____       __  __     ____                  ___        __        _        __                 __        _        _      __ __
/\  _`\    /\ \/\ \   /\  _`\              /'___`\    /'__`\    /' \     /'_ `\             /'__`\    /' \     /' \    /\ \\ \
\ \ \/\_\  \ \ \ \ \  \ \ \L\_\           /\_\ /\ \  /\ \/\ \  /\_, \   /\ \L\ \           /\ \/\ \  /\_, \   /\_, \   \ \ \\ \
\ \ \/_/_  \ \ \ \ \  \ \  _\L   _______ \/_/// /__ \ \ \ \ \ \/_/\ \  \/_> _ <_  _______ \ \ \ \ \ \/_/\ \  \/_/\ \   \ \ \\ \_
 \ \ \L\ \  \ \ \_/ \  \ \ \L\ \/\______\   // /_\ \ \ \ \_\ \   \ \ \   /\ \L\ \/\______\ \ \ \_\ \   \ \ \    \ \ \   \ \__ ,__\
  \ \____/   \ `\___/   \ \____/\/______/  /\______/  \ \____/    \ \_\  \ \____/\/______/  \ \____/    \ \_\    \ \_\   \/_/\_\_/
   \/___/     `\/__/     \/___/            \/_____/    \/___/      \/_/   \/___/             \/___/      \/_/     \/_/      \/_/


[x] Generating JWT with payload "admin" ...
[x] Keys Generated
[x] Signature Signed

eyJhbGciOiJSUzI1NiIsI.......
```
File Snapshot

 [4.0K]  /data/pocs/352a0d49fd9b8961c7324236280266edbf9bd422
├── [ 655]  banner.go
├── [ 123]  go.mod
├── [ 227]  go.sum
├── [ 561]  jwt.go
├── [ 890]  keys.go
├── [1.0K]  main.go
└── [1.3K]  README.md

0 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.