Practical: Forge an Admin Token
The endpoint below trusts the token's alg field. Edit the header, escalate the payload, rebuild the token, and submit. The flag is in the format BSC{...}.
Target
POST https://acme.local/api/auth/verify
The verifier is naive: it reads header.alg from the token and lets that client-controlled value decide how (or whether) the signature is checked.
› Endpoint: POST /api/auth/verify
› Sample token issued for role=user. Try escalating to admin.
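To make the flaw concrete, here is an added example (not the room's own verifier code), in pure-stdlib Python: a naive verifier that mirrors the behaviour described above, beside a hardened one that pins the algorithm server-side and rejects any token whose alg differs. The secret key is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"demo-secret-not-for-production"  # constructed for this example

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()

def issue_hs256(payload: dict, key: bytes) -> str:
    """Normal issuance: the server signs {header}.{payload} with HS256."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hs256(f"{header}.{body}".encode(), key)
    return f"{header}.{body}.{b64url_encode(sig)}"

def _split(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    return parts

def verify_naive(token: str, key: bytes) -> dict:
    """The room's bug: header.alg, which the client controls, selects the check."""
    header, body, sig = _split(token)
    alg = json.loads(b64url_decode(header)).get("alg")
    if alg == "HS256":
        expected = hs256(f"{header}.{body}".encode(), key)
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise ValueError("bad signature")
    elif alg != "none":  # "none" falls through: the signature is never checked
        raise ValueError("unsupported alg")
    return json.loads(b64url_decode(body))

def verify_hardened(token: str, key: bytes, expected_alg: str = "HS256") -> dict:
    """Fix: the server pins the algorithm; a differing alg is rejected up front."""
    header, body, sig = _split(token)
    if json.loads(b64url_decode(header)).get("alg") != expected_alg:
        raise ValueError("algorithm not allowed")
    expected = hs256(f"{header}.{body}".encode(), key)
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))
```

In a real service the same rule applies to library-based verification: pass the allowed algorithm list from server configuration, never derive it from the token.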