JWT Attack Lab — Part 6: Spoofing the JWKS URL an RSA Verifier Trusts
Part 6 of a series building a Flask API with JWT authentication, then deliberately exploiting six real vulnerabilities in it.
Part 5 exploited kid to point a local file lookup somewhere unintended. Th
quietbytes.hashnode.dev4 min read