0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

Fix mini spell mistake

This commit is contained in:
SidneyJob 2023-11-21 18:40:35 +03:00
parent 36f9df02eb
commit 76f93375d2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pentesting-web/hacking-jwt-json-web-tokens.md
View File

@ -120,7 +120,7 @@ Using files inside the host with known content you can also forge a valid JWT. F
#### "kid" issues - SQL Injection
In a scenario wehre the content of the "kid" is used to retreive the password from the database, you could change the payload inside the "kid" parameter to: `non-existent-index' UNION SELECT 'ATTACKER';-- -` and then sign the JWT with the secret key `ATTACKER`.
In a scenario where the content of the "kid" is used to retreive the password from the database, you could change the payload inside the "kid" parameter to: `non-existent-index' UNION SELECT 'ATTACKER';-- -` and then sign the JWT with the secret key `ATTACKER`.
#### "kid" issues - OS Injection