added reminder to JWT None algorithm bypass

2023-03-08 18:21:36 +01:00 · 2023-03-08 18:21:36 +01:00 · 5f83ee9efd
parent 9cd859fa25
commit 5f83ee9efd
1 changed files with 2 additions and 0 deletions
--- a/Exploits/Web/JWT.md
+++ b/Exploits/Web/JWT.md
@ -32,6 +32,8 @@ eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K.eyJleHAiOjE1ODY3MDUyOTUsImlhdCI6MTU4NjcwNDk
        eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K
        ```

+__Remember to include the `.` at the end even if there is no signature
+
 ## Brute Force
 ```python
 HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)