CVSS v3: 9.8

CVE-2019-20933

Published: 19/11/2020 Updated: 19/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

InfluxDB prior to 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

Vulnerable Products

influxdata influxdb

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #978087 influxdb: CVE-2019-20933. Package: src:influxdb; Maintainer for src:influxdb is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 25 Dec 2020 20:30:01 UTC; Severity: grave; Tags: security, upstream; Found in versio ...
It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass. For the stable distribution (buster), this problem has been fixed in version 1.6.4-1+deb10u1. We recommend that you upgrade your influxdb packages. For the detailed security status of influxdb ...

Github Repositories

CVE-2019-20933: InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret) (see nvd.nist.gov/vuln/detail/CVE-2019-20933 for more details). PoC: This PoC exploits the above CVE to make a quick and dirty InfluxDB client. Usage: usage: infl

HackTheBox - Devzat - Writeup. Enumeration: ⛩> nmap -p- -sV -sC -v -oA enum --min-rate 4500 --max-rtt-timeout 1500ms --open 101292400 Nmap scan report for 101292400 Host is up (0.16s latency) Not shown: 65532 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 c2:

InfluxDB CVE-2019-20933 vulnerability exploit

InfluxDB Exploit CVE-2019-20933: Exploit for the InfluxDB CVE-2019-20933 vulnerability. InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). The exploit checks if the server is vulnerable, then it tries to get a remote query shell. It has built in a us

A Burp Suite extension for creating and editing JSON Web Tokens. This tool supports signing and verification of JWS, encryption and decryption of JWE and automation of several well-known attacks against applications that consume JWT.

JWT Editor: JWT Editor is a Burp Suite extension which aims to be a Swiss Army Knife for manipulating JSON Web Tokens (JWTs) within Burp Suite. It provides detection of JWTs within both HTTP and WebSocket messages and allows for their editing, signing, verifying, encryption and decryption. Additionally it facilitates several well-known attacks against JWT implementations. Overvi