2019年10月

An example of a vulnerability in the early JWT token node.js library: https://github.com/gluckzhang/ctf-jwt-token

Basic Introduction to JWT Token

According to standard RFC 7519, JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

- 阅读剩余部分 (Read the rest) -