Taking over a website with JWT Tokens!

Attacking JWT - Header Injections

2024 Guide: Hacking APIs

The UPDATED GOATMAN mod is EVIL.. Minecraft: From the Fog

The World’s Most Expensive Gym Membership ($10k/month)

Leno Drives Legendary 1969 Camaro Z28 Rally Sport with an Incredible Backstory! | Jay Leno's Garage

JWT authentication bypass via 'X-HTTP-Method-Override' Header

Medusa

Просмотров 3,6 тыс.

Добавить в
- Мой плейлист
- Посмотреть позже
Поделиться

Поделиться

HTML-код

Размер видео:

Показать панель управления

Автовоспроизведение

Автоповтор

Опубликовано: 27 ноя 2024
ESPv2 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases.
Reference: github.com/Goo...
.
.
.
.
.
Like and Subscribe :)
Social media:
Twitter: / medusa_0xf
Blog:
/ medusa0xf
#api #bugbounty #twitter #vulnerability #postman ostman #pentesting #api #hack #bola #tryhackme #hackerone #apihacking #computerscience #javascript #python #postman #ctf #bughunting #pentesting #hacking #hackingtools #burpsuite #portswigger #ethicalhacking #OAuth #webhacking #programming #websecurity #technology #practical #artificialintelligence #web #recon #bypass

Комментарии • 13

Следующие

Автовоспроизведение

Taking over a website with JWT Tokens!

Taking over a website with JWT Tokens!

Attacking JWT - Header Injections

Attacking JWT - Header Injections

2024 Guide: Hacking APIs

2024 Guide: Hacking APIs

The UPDATED GOATMAN mod is EVIL.. Minecraft: From the Fog

The UPDATED GOATMAN mod is EVIL.. Minecraft: From the Fog

The World’s Most Expensive Gym Membership ($10k/month)

The World’s Most Expensive Gym Membership ($10k/month)

Leno Drives Legendary 1969 Camaro Z28 Rally Sport with an Incredible Backstory! | Jay Leno's Garage

Leno Drives Legendary 1969 Camaro Z28 Rally Sport with an Incredible Backstory! | Jay Leno's Garage

Philadelphia Eagles vs. Los Angeles Rams Game Highlights | NFL 2024 Season Week 12

Philadelphia Eagles vs. Los Angeles Rams Game Highlights | NFL 2024 Season Week 12

Bug Bounty: How Developers Implement 403 & How To Bypass Them? | 2024

Bug Bounty: How Developers Implement 403 & How To Bypass Them? | 2024

OWASP API Top 10 - Broken Authentication

OWASP API Top 10 - Broken Authentication

JWT Authentication Bypass via Algorithm Confusion

JWT Authentication Bypass via Algorithm Confusion

Cracking JSON Web Tokens

Cracking JSON Web Tokens

Why is JWT popular?

Why is JWT popular?

Hack JWT using JSON Web Tokens Attacker BurpSuite extensions

Hack JWT using JSON Web Tokens Attacker BurpSuite extensions

Web Cache Poisoning: Hunting Methodology & Real-World Examples

Web Cache Poisoning: Hunting Methodology & Real-World Examples

JWT jku&x5u = ❤️ by @snyff #NahamCon2020

JWT jku&x5u = ❤️ by @snyff #NahamCon2020

JWT Authentication Bypass via jku Header Injection

JWT Authentication Bypass via jku Header Injection

СМЕРТЕЛЬНАЯ РУЛЕТКА 2 🔫🔫| WICSUR #shorts

СМЕРТЕЛЬНАЯ РУЛЕТКА 2 🔫🔫| WICSUR #shorts

ТЫ ПО-МОЕМУ ПЕРЕПУТАЛ (GDE PAPA LONGMIX)

ТЫ ПО-МОЕМУ ПЕРЕПУТАЛ (GDE PAPA LONGMIX)

ТО, ЧТО КАЖДЫЙ ДЕЛАЛ В ДЕТСТВЕ! (99% ВСЕ ЭТО ДЕЛАЛИ) #Shorts #Глент

ТО, ЧТО КАЖДЫЙ ДЕЛАЛ В ДЕТСТВЕ! (99% ВСЕ ЭТО ДЕЛАЛИ) #Shorts #Глент

Color Matching Challenge, So Exciting, Waiting For The Party To Play#Funnyfamily #Partygames #Funny

Color Matching Challenge, So Exciting, Waiting For The Party To Play#Funnyfamily #Partygames #Funny

真是没想到啊！#吃货日常记录#夫妻干饭日常#美食#光盘行动拒绝浪费#妈呀

真是没想到啊！#吃货日常记录#夫妻干饭日常#美食#光盘行动拒绝浪费#妈呀

badici 🆚 pavırcı @gokalaf

badici 🆚 pavırcı @gokalaf

Равдин в начале карьеры 😳 #ComedyClub #КамедиКлаб #равдин #харламов #тнт #овршоу #павелволя #камеди

Равдин в начале карьеры 😳 #ComedyClub #КамедиКлаб #равдин #харламов #тнт #овршоу #павелволя #камеди