Coursera Plus Annual is 40% Off — Ends July 6.

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

JWT Algorithm Confusion and Server-Side Template Injection in Pug - Web Security Tutorial

CryptoCat via YouTube

Start learning Write review
Scrimba Ad

Free courses from frontend to fullstack and AI

Learn More → DataCamp Ad

PowerBI Data Analyst - Create visualizations and dashboards from scratch

Learn More →

Overview

AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Learn how to exploit a server-side template injection vulnerability in a CTF web challenge through this detailed walkthrough video. Explore the mechanics of bypassing username sanitization through JWT algorithm confusion, allowing injection of malicious Pug template code. Follow along with a comprehensive breakdown covering the challenge's site functionality, source code analysis, SSTI exploitation in Pug, JWT security bypass techniques, and flag exfiltration methods. Master practical web security concepts including template injection, JWT manipulation, and blind payload development while solving this challenge from the Intigriti 1337UP LIVE CTF 2024 competition.

Syllabus

Intro
Site functionality
Source code review
SSTI pug
JWT algorithm confusion
Solve script
Exfiltrate the flag
Conclusion

Taught by

CryptoCat

Reviews

Start your review of JWT Algorithm Confusion and Server-Side Template Injection in Pug - Web Security Tutorial

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.