JWT Attack Lab — Part 5: Path Traversal Through the kid Header
Part 5 of a series building a Flask API with JWT authentication, then deliberately exploiting six real vulnerabilities in it.
Part 4 cracked a weak HMAC secret offline with hashcat. This part doesn't
quietbytes.hashnode.dev4 min read