SasanLabs / VulnerableApp

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
https://sasanlabs.github.io/VulnerableApp/
Apache License 2.0
299 stars 400 forks

feat: implement header param injection handling for JWT vulnerabilities #473

Open leiberbertel opened 3 months ago

leiberbertel commented 3 months ago

Added handling for header parameter injection in JWTVulnerability.java, addressing the missing attack vector noted in issue #413. Follows https://portswigger.net/web-security/jwt guidelines.

Ref: #413

leiberbertel commented 1 month ago

@preetkaran20, I hope you are well, thanks for your patience! I wanted to consult you if it would be possible for me to upload some unit tests for the level I created. If so, I can create the card, or if you prefer, you could do it.

I remain attentive to your answer.

preetkaran20 commented 1 week ago

> @preetkaran20, I hope you are well, thanks for your patience! I wanted to consult you if it would be possible for me to upload some unit tests for the level I created. If so, I can create the card, or if you prefer, you could do it.
>
> I remain attentive to your answer.

@leiberbertel It is up to you. I am fine with everything.

leiberbertel commented 1 week ago

> > @preetkaran20, I hope you are well, thanks for your patience! I wanted to consult you if it would be possible for me to upload some unit tests for the level I created. If so, I can create the card, or if you prefer, you could do it. I remain attentive to your answer.
>
> @leiberbertel It is up to you. I am fine with everything.

@preetkaran20 Okay, in that case, I'll upload the changes.