Related vulnerability
Description
JWT Key Confusion PoC (CVE-2015-9235) Written for the Hack the Box challenge - Under Construction
Introduction
# JWT Key Confusion PoC (CVE-2015-9235)
Written for the Hack the Box challenges - Under Construction and Secret
Both included scripts perform a JSON Web Token (JWT) key confusion attack (CVE-2015-9235).
To perform the attack, the attacker must know the public key the server uses to verify the signature, and the server must be configured to use the HS256 algorithm. Because HS256 is a symmetric-key algorithm (the same key both signs and verifies the message), the public key can be used to sign the tampered token.
Since the web server knows the public key, it will successfully verify the tampered token when it receives it.
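The mitigation for this class of bug is that the verifier, not the token header, decides the algorithm. The following added example (not part of the PoC repository) contrasts a header-trusting verifier with one that pins the server-configured algorithm; the public key PEM is a constructed placeholder, and the RS256 branch is omitted because it needs an RSA library, which is not what the check is about.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder standing in for the server's RSA public key PEM.
# The confusion attack only needs the exact bytes the server hands its verifier.
PUBLIC_KEY_PEM = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END PUBLIC KEY-----\n"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256_token(payload: dict, secret: bytes) -> str:
    """Build a compact JWT whose header claims HS256 and whose MAC is keyed by `secret`."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def hs256_check(header_b64: str, body_b64: str, sig_b64: str, key: bytes) -> bool:
    mac = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(mac, b64url_decode(sig_b64))

def verify_trusting_header(token: str, key: bytes):
    """Vulnerable pattern (CVE-2015-9235): the token's own header picks the
    algorithm, so a public key meant for RS256 gets used as an HMAC secret."""
    header_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    if alg == "HS256" and hs256_check(header_b64, body_b64, sig_b64, key):
        return json.loads(b64url_decode(body_b64))
    # An RS256 branch would live here; it needs an RSA library and is omitted.
    return None

def verify_pinned(token: str, key: bytes, expected_alg: str):
    """Hardened pattern: the server-configured algorithm is enforced before any
    signature check, so an HS256 header against an RS256 deployment is rejected."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != expected_alg:
        return None
    if expected_alg == "HS256" and hs256_check(header_b64, body_b64, sig_b64, key):
        return json.loads(b64url_decode(body_b64))
    return None  # RS256 verification omitted for the same reason as above

if __name__ == "__main__":
    forged = hs256_token({"username": "tampered"}, PUBLIC_KEY_PEM)
    print("header-trusting verifier:", verify_trusting_header(forged, PUBLIC_KEY_PEM))
    print("alg-pinned verifier:     ", verify_pinned(forged, PUBLIC_KEY_PEM, "RS256"))
```

Running it shows the header-trusting verifier returning the tampered claims while the pinned verifier returns `None` without touching the signature.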
## Screenshot

## Usage
```
python3 jwt-9235.py [-h] [token_location] [claim_key] [claim_value]

positional arguments:
  token_location  location of JWT token (must include 'pk' payload)
  claim_key       payload claim to target
  claim_value     new claim value

optional arguments:
  -h, --help      show this help message and exit
```
If no arguments are provided, the script looks for a token file at `./token`, targets the `username` claim, and replaces its value with `' or 1=1;--`.
## Requirements
```
pip install colorama
```
`hashlib`, `hmac`, `base64`, `json`, and `argparse` are part of the Python standard library and need no installation.
File snapshot
```
[4.0K] /data/pocs/4152d97182e14f85cae3c7c0c66c6ffa22f46e27
├── [3.3K] jwt-9235.py
├── [1.0K] LICENSE
├── [1.3K] README.md
└── [ 726] secret.py
0 directories, 4 files
```