Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

JWT Algorithm Confusion and Server-Side Template Injection in Pug - Web Security Tutorial

CryptoCat via YouTube

Start learning Write review
Boot.dev Ad

Learn Backend Development Part-Time, Online

Learn More → CodeSignal Ad

Introduction to Programming with Python

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn how to exploit a server-side template injection vulnerability in a CTF web challenge through this detailed walkthrough video. Explore the mechanics of bypassing username sanitization through JWT algorithm confusion, allowing injection of malicious Pug template code. Follow along with a comprehensive breakdown covering the challenge's site functionality, source code analysis, SSTI exploitation in Pug, JWT security bypass techniques, and flag exfiltration methods. Master practical web security concepts including template injection, JWT manipulation, and blind payload development while solving this challenge from the Intigriti 1337UP LIVE CTF 2024 competition.

Syllabus

Intro
Site functionality
Source code review
SSTI pug
JWT algorithm confusion
Solve script
Exfiltrate the flag
Conclusion

Taught by

CryptoCat

Reviews

Start your review of JWT Algorithm Confusion and Server-Side Template Injection in Pug - Web Security Tutorial

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.