Untitled

The websites are simple, it show some list and a navigation to login page.

Untitled

There no much information after logged in.

Untitled

This challenges also have downloadable part, so let's do code review again.

From JWTHelpers.js, we know that the website are using JWT for authentication.

Untitled

We can use https://jwt.io for decoding the token

Untitled

As you can see, the JWT are exposing public key on the Payload.

From this article, i know that this website are vulnerable to HS/RSA Confusion Attack

JSON Web Token Exploitation for Red Team