Overview
Learn how to solve the "Bug Report Repo" web challenge from the INTIGRITI 1337UP LIVE CTF 2023 in this walkthrough video. Follow along to discover multiple security vulnerabilities including IDOR exploitation, WebSocket-based SQL injection, and JWT token manipulation. Master techniques for using SQLMap through a proxy, cracking JWT signing keys, and forging authentication tokens to escalate privileges. Explore practical applications of web security testing tools while working through a multi-stage CTF challenge designed for beginners. Gain hands-on experience with real-world penetration testing scenarios including database enumeration, authentication bypass, and privilege escalation through detailed step-by-step demonstrations.
Syllabus
Start
Explore functionality
Tamper with requests (IDOR)
Identify SQLi
Modify WebSocket SQLi proxy
SQLMap proxied via Burp Suite
Explore hidden endpoint
Crack JWT token with jwt_tool
Forge new token to login as admin
End
Taught by
CryptoCat