Категории

JWT Attack - Exploiting X5C Header

Опубликовано: 16 Апрель 2026
на канале: Gocha Okradze
381
5

Vulnerability case: The application doesn’t properly check which X5C key is used for signing and when X5C headers are set to our values and signed with our private key, authentication is bypassed.

Lab: https://brokencrystals.com
Edit JWT: https://jwt.io
simple JSON Web Key generator: https://mkjwk.org

play_arrow
8,103
79

The

The "Pivot Shift" test"explained
play_arrow
1,559
15

Как спрятать бомбу в кс на de dust 2

Как спрятать бомбу в кс на de dust 2
play_arrow
36,510
476

ချယ်ရီမြို့ ( Official Lyrics Video )

ချယ်ရီမြို့ ( Official Lyrics Video )
play_arrow
10,649
96

РУССКИЙ ШОКОЛАД! СЕРИЯ 24 ! 2010 МЕЛОДРАМА! СЕРИАЛ

РУССКИЙ ШОКОЛАД! СЕРИЯ 24 ! 2010 МЕЛОДРАМА! СЕРИАЛ"
play_arrow
2,283,522
38 тыс

The Luckydo Rap by Wowcrendor (WoW Machinima) | World of Warcraft

The Luckydo Rap by Wowcrendor (WoW Machinima) | World of Warcraft
play_arrow
31,174
3.6 тыс

00:00:00

The Constitutional Court is concerned about LGBT people, the Childfree Ban, and a Denunciation of...

The Constitutional Court is concerned about LGBT people, the Childfree Ban, and a Denunciation of...
play_arrow
1,754
55

НОВЫЙ RH❄I Viiper В ТОП 300 МИРА / ПАЛАЧ + ХОГ / ТОПОВЫЕ БОИ / Clash Royale

НОВЫЙ RH❄I Viiper В ТОП 300 МИРА / ПАЛАЧ + ХОГ / ТОПОВЫЕ БОИ / Clash Royale
play_arrow
115
3

Сервисы 1С для проверки ваших контрагентов. Быстро и надежно! ( запись от 28.03.2024 г.)

Сервисы 1С для проверки ваших контрагентов. Быстро и надежно! ( запись от 28.03.2024 г.)
Похожие видео
play_arrow
GraphQL - OS Command injection

GraphQL - OS Command injection
play_arrow
Self reflect XSS on the portswigger web security academy JWT lab

Self reflect XSS on the portswigger web security academy JWT lab
play_arrow
GraphQL - Chain Introspection with SQLi

GraphQL - Chain Introspection with SQLi
play_arrow
Chain File Upload with XSS

Chain File Upload with XSS
play_arrow
Directory Listing - Active scan

Directory Listing - Active scan
play_arrow
Reflect XSS with Content-Type: text/xml

Reflect XSS with Content-Type: text/xml
play_arrow
Reflect XSS 1

Reflect XSS 1
play_arrow
Dom XSS2

Dom XSS2
play_arrow
Dom XSS1

Dom XSS1
play_arrow
Common Files

Common Files
play_arrow
Login page Brute Force with ffuf

Login page Brute Force with ffuf
play_arrow
JWT Attack - Exploiting X5U Header injection

JWT Attack - Exploiting X5U Header injection
play_arrow
JWT attack - Exploiting JKU Header injection

JWT attack - Exploiting JKU Header injection
play_arrow
JWT Attack - Exploiting X5C Header

JWT Attack - Exploiting X5C Header
play_arrow
JWT Attack - JWK - JSON Web Key injection

JWT Attack - JWK - JSON Web Key injection
play_arrow
JWT Attack - Weak Key - Secret Brute force with Hashcat

JWT Attack - Weak Key - Secret Brute force with Hashcat
play_arrow
JWT Attack - Secret Brute force with Hashcat

JWT Attack - Secret Brute force with Hashcat
play_arrow
JWT Attack - Signature is not checked

JWT Attack - Signature is not checked
play_arrow
Check Time based SQLi

Check Time based SQLi
play_arrow
ჯვრის ტბა

ჯვრის ტბა
play_arrow
XSS from jpg with Amazon S3 Bucket

XSS from jpg with Amazon S3 Bucket
play_arrow
From CRLF to XSS on http://yun.oppo.com

From CRLF to XSS on http://yun.oppo.com
play_arrow
s3 Bucket Takeover by me

s3 Bucket Takeover by me
play_arrow
crlf injection on https://bug.qiwi.com

crlf injection on https://bug.qiwi.com