Capture The Flag (CTF) Challenge – Part 5
ATTACKING JWTs WITH A CUSTOM SQLMAP TAMPER SCRIPT

Automating the Attack with SQLmap and a Custom Tamper Script

Let’s review what I know and where I’m at in capturing the flag:

- The web server is NodeJS Express
- The database is SQLite
- The hole in the wall is the JSON Web Token
- The JWT username field is vulnerable…