Fix mini spell mistake
This commit is contained in:
parent
36f9df02eb
commit
76f93375d2
|
@ -120,7 +120,7 @@ Using files inside the host with known content you can also forge a valid JWT. F
|
|||
|
||||
#### "kid" issues - SQL Injection
|
||||
|
||||
In a scenario wehre the content of the "kid" is used to retreive the password from the database, you could change the payload inside the "kid" parameter to: `non-existent-index' UNION SELECT 'ATTACKER';-- -` and then sign the JWT with the secret key `ATTACKER`.
|
||||
In a scenario where the content of the "kid" is used to retreive the password from the database, you could change the payload inside the "kid" parameter to: `non-existent-index' UNION SELECT 'ATTACKER';-- -` and then sign the JWT with the secret key `ATTACKER`.
|
||||
|
||||
#### "kid" issues - OS Injection
|
||||
|
||||
|
|
Loading…
Reference in New Issue