Ottergram
Our favorite otters are back! This time with the hint "comments are fun".
When we go to the comments, we see that we can edit them.

When we edit a comment, we see that the id is given in the PUT request, but it seems like the protection to see if a comment is really yours comes from the JWT.

So the token probably isn't going through a jwt.verify. Let's change the id to test this theory.

So yeah, the token becomes invalid if we tamper with it. Let's go back to our original token, so we have a valid one and try to change another comment.

Well, that didn't go as planned!
So what now? I tried signing it with an empty key and the none attack. But those too came back with an invalid token.
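Why the tampered token, the empty key and the none attempt all come back invalid on a server that verifies correctly, as an added example (not code from the challenge or from this write-up). It uses only Node.js `crypto`; the secret, the `sub` claim and the `ownerId` field are assumptions made for the illustration.

```javascript
// Added example: HS256 verification plus an ownership check, Node.js standard library only.
const crypto = require('node:crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Helper for the constructed samples: build a token with a given header and signing key.
function makeToken(header, payload, key) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = header.alg === 'none' ? '' : b64url(hmac(key, signingInput));
  return `${signingInput}.${sig}`;
}

// Returns the payload if the token is a valid HS256 token for `secret`, else null.
function verifyHs256(token, secret) {
  if (typeof token !== 'string' || !secret) return null; // missing token or empty server key
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return null; }
  if (header.alg !== 'HS256') return null; // algorithm is pinned, so "none" is refused
  const expected = hmac(secret, `${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return payload;
}

// Authorization: the verified subject must own the comment being edited.
function canEditComment(token, comment, secret) {
  const claims = verifyHs256(token, secret);
  return claims !== null && claims.sub === comment.ownerId;
}

// Constructed sample data (not taken from the challenge).
const SECRET = 'constructed-demo-secret';
const valid = makeToken({ alg: 'HS256', typ: 'JWT' }, { sub: 'user-1' }, SECRET);
const [h, , s] = valid.split('.');
const tampered = `${h}.${b64url(JSON.stringify({ sub: 'user-2' }))}.${s}`;
const other = { id: 2, ownerId: 'user-2' };
const results = {
  ownComment: canEditComment(valid, { id: 1, ownerId: 'user-1' }, SECRET),
  otherComment: canEditComment(valid, other, SECRET),
  tampered: canEditComment(tampered, other, SECRET),
  algNone: canEditComment(makeToken({ alg: 'none' }, { sub: 'user-2' }, ''), other, SECRET),
  emptyKey: canEditComment(makeToken({ alg: 'HS256' }, { sub: 'user-2' }, ''), other, SECRET),
};
console.log(results);
```

These checks only protect the routes and methods that actually call them; a handler that skips `canEditComment` is unprotected no matter how strict the verifier is.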

After questioning my capabilities as a pentester, I decided to go to my sanity check, and there was something there I hadn't tried.

Well, if it's in my checklist, I should probably just try it, right?

The request went through, no check whatsoever!

And there it was, my well-deserved flag 🇧🇪
Always, and I mean always, keep your notes close and update them whenever you solve a problem. Your notes are golden!