{"version":"1.0","blog_url":"https://u3nerd.hatenablog.com/","width":"100%","author_name":"U3nerd","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/U/U3nerd/20231026/20231026101139.png","url":"https://u3nerd.hatenablog.com/entry/2023/10/26/101959","provider_url":"https://hatena.blog","blog_title":"The light of hope to the other side of the tunnel - Kotsu Kotsu To -","published":"2023-10-26 10:19:59","height":"190","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fu3nerd.hatenablog.com%2Fentry%2F2023%2F10%2F26%2F101959\" title=\"HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from waybackurls \u304b\u3089\u5b66\u3076 - The light of hope to the other side of the tunnel - Kotsu Kotsu To -\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","description":"\u30bd\u30fc\u30b9\uff1a infosecwriteups.com \u8106\u5f31\u6027\uff1aJWT \u8a33\uff1a waybackurls \u30ed\u30b0\u304b\u3089\u6f0f\u6d29\u3059\u308b\u8a8d\u8a3c JWTtokens \u3068\u3001\u66f8\u304d\u8fbc\u307f\u306e\u6700\u5f8c\u3067\u5229\u7528\u53ef\u80fd\u306a\u30d3\u30c7\u30aa POC \u3092 \u3002 \u307e\u305a hacktoberfest.digitalocean.com \u306b\u30a2\u30af\u30bb\u30b9\u3057\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u3092 GitLab \u307e\u305f\u306f GitHub \u306b\u30ea\u30f3\u30af\u3057\u307e\u3059\u3002 \u6b21\u306b\u3001\u4ee5\u4e0b\u306b\u793a\u3059\u3088\u3046\u306b\u3001Burp Suite\u3067\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3092\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u30e1\u30bf\u30c7\u30fc\u30bf\u3092\u51e6\u7406\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u78ba\u8a8d\u3057\u3001\u305d\u308c\u3092\u30ea\u30d4\u30fc\u30bf\u30fc\u306b\u9001\u4fe1\u3059\u308b\u3060\u3051\u3067\u3059\u3002 \u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3068\u3057\u3066\u3002 \u30ea\u30af\u30a8\u30b9\u30c8\u3067\u306f\u3001\u4ee5\u4e0b\u306b\u793a\u3059\u3088\u3046\u306b\u3001\u8a8d\u53ef\u306e\u305f\u3081\u306b JWT \u306e\u307f\u304c Autho\u2026","title":"HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from waybackurls \u304b\u3089\u5b66\u3076","author_url":"https://blog.hatena.ne.jp/U3nerd/","type":"rich","provider_name":"Hatena Blog","categories":["Bug Report"]}