Abusing JSON Web Token to steal accounts — 3000$


Hello fellow hackers! 👋

My name is Filipe Azevedo, I am a Cyber Security Researcher from Portugal. I work mainly for Intigriti and Hackerone.

Today I’m going to show you a recent finding on a private program.

So, let’s go to the vulnerability.