Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.
- https://www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/The-Cracker-Technology/jwt_tool
- https://github.com/achmadismail173/jwt_exploit
- https://github.com/crpytoscooby/resourses_web
- https://github.com/fatihtuzunn/api-pentesting-tool
- https://github.com/google/pseudo-identity-provider
- https://github.com/guchangan1/All-Defense-Tool
- https://github.com/mishmashclone/ticarpi-jwt_tool
- https://github.com/phramz/tc2022-jwt101
- https://github.com/puckiestyle/jwt_tool
- https://github.com/snakesec/jwt_tool
- https://github.com/suddenabnormalsecrets/pseudo-identity-provider
- https://github.com/techleadevelopers/Security-Stuffers-Lab
- https://github.com/techleadevelopers/red-team-ops
- https://github.com/ticarpi/jwt_tool
- https://github.com/whoami13apt/tool-
- https://github.com/z-bool/Venom-JWT
- https://github.com/zhangziyang301/jwt_tool