pmella16

## Hacking-Json-Web-Tokens.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                pmella16
                / Hacking-Json-Web-Tokens.md
            
            
              Created
              March 22, 2024 15:25
                — forked from Retr02332/Hacking-Json-Web-Tokens.md
            
              
                Hacking Json Web Tokens
              
          
    Hacking Json Web Tokens

Change the algorithm to none and JWT without sign

En este caso, solo debemos configurar el parametro alg con el valor none.
Luego de esto solo quitamos la parte de la firma, pero conservando el punto final es decir
Original  JWT: header.payload.sign
Malicious JWT: header.payload.
Change the algorithm RSA256(asymmetric) to HS256(symmetric)

El algorirtmo HS256 utiliza la clave secreta para firmar y verificar cada mensaje. El algoritmo RS256 usa la clave privada para firmar el mensaje y usa la clave publica para la verificación.

  
## downgrade-node.sh
# Find existing version
node --version

# Search available Node versions.
brew search node

# I neeeded a version between > 10.0 < 11. So I chose node@10.
brew install node@10

# You can install multiple versions, but you cannot have them available all at once.

## wl-api.php
<?php
/**
 * Plugin Name: Custom API
 * Plugin URI: http://chrushingit.com
 * Description: Crushing it!
 * Version: 1.0
 * Author: Art Vandelay
 * Author URI: http://watch-learn.com
 */

## wp-custom-paginated-loop.php
<?php
/**
 * Create post loop query
 */
$paged = ( get_query_var('paged') ) ? get_query_var('paged') : 1;
$args = array(
		'post_type'              => 'post',
		'orderby'                => 'menu_order',
		'order'                  => 'ASC',
		'showposts'              => 3,

## loop-products-woocommerce.php
<ul class="products">
    <?php
        $args = array( 'post_type' => 'product', 'posts_per_page' => 1, 'product_cat' => 'camisa' );
        $loop = new WP_Query( $args );
        while ( $loop->have_posts() ) : $loop->the_post(); global $product; ?>
          	<h2>Shoes</h2>
          	<li class="product">
	            <a href="<?php echo get_permalink( $loop->post->ID ) ?>" title="<?php echo esc_attr($loop->post->post_title ? $loop->post->post_title : $loop->post->ID); ?>">
	            	<?php
	            		woocommerce_show_product_sale_flash( $post, $product );
	# Find existing version
	node --version

	# Search available Node versions.
	brew search node

	# I neeeded a version between > 10.0 < 11. So I chose node@10.
	brew install node@10

	# You can install multiple versions, but you cannot have them available all at once.
	<?php
	/**
	* Plugin Name: Custom API
	* Plugin URI: http://chrushingit.com
	* Description: Crushing it!
	* Version: 1.0
	* Author: Art Vandelay
	* Author URI: http://watch-learn.com
	*/
	<?php
	/**
	* Create post loop query
	*/
	$paged = ( get_query_var('paged') ) ? get_query_var('paged') : 1;
	$args = array(
	'post_type' => 'post',
	'orderby' => 'menu_order',
	'order' => 'ASC',
	'showposts' => 3,
	<ul class="products">
	<?php
	$args = array( 'post_type' => 'product', 'posts_per_page' => 1, 'product_cat' => 'camisa' );
	$loop = new WP_Query( $args );
	while ( $loop->have_posts() ) : $loop->the_post(); global $product; ?>
	<h2>Shoes</h2>
	<li class="product">
	<a href="<?php echo get_permalink( $loop->post->ID ) ?>" title="<?php echo esc_attr($loop->post->post_title ? $loop->post->post_title : $loop->post->ID); ?>">
	<?php
	woocommerce_show_product_sale_flash( $post, $product );