Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V3 - Session Management

JWT token over URL (GET method)

POC

  1. Log in to the application.
  2. Intercept the application's requests with Burp Suite.
  3. Observe that the JWT is sent as a query-string parameter of a GET request rather than in an Authorization header or a cookie.
  4. Because the token is part of the URL, it is written to browser history, server and proxy access logs, and is leaked to third-party sites through the Referer header, so an attacker who reads any of those sources can replay the token and take over the session.
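The check in step 3 can be automated over request lines copied out of Burp's proxy history. The following is an added example, not part of the original wiki entry or of any Cobalt tooling: it recognises a JWT by its structure (three base64url segments whose first segment decodes to a JOSE header with an `alg` member) and reports every GET request whose query string or fragment carries one. The token, key and request lines are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Shape of a JWS compact serialisation: header.payload.signature, each
# base64url without padding. The signature segment is empty for alg "none".
JWT_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")


def b64url(data: bytes) -> str:
    """base64url-encode without padding, as JWTs do."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_json(segment: str):
    """Decode one base64url segment as a JSON object; None if it is not one."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        obj = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return None
    return obj if isinstance(obj, dict) else None


def looks_like_jwt(value: str) -> bool:
    """True when value has three base64url segments and a JOSE header carrying 'alg'."""
    if not JWT_RE.match(value):
        return False
    header = b64url_json(value.split(".")[0])
    return header is not None and "alg" in header


def jwts_in_url(url: str):
    """Return (parameter, token) for every query-string or fragment value that is a JWT."""
    parts = urlsplit(url)
    hits = []
    for raw in (parts.query, parts.fragment):
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if looks_like_jwt(value):
                hits.append((name, value))
    return hits


def scan_request_lines(lines):
    """Scan 'METHOD target HTTP/x' request lines (e.g. copied from Burp's proxy
    history) and return (method, parameter, token) for each JWT in the target."""
    findings = []
    for line in lines:
        m = re.match(r"^([A-Z]+)\s+(\S+)\s+HTTP/", line)
        if not m:
            continue
        method, target = m.groups()
        for name, token in jwts_in_url(target):
            findings.append((method, name, token))
    return findings


def make_sample_token(claims: dict, key: bytes = b"constructed-demo-key") -> str:
    """Build a real HS256-signed JWT for the demo. Key and claims are constructed."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = b64url(hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{signature}"


# Constructed sample traffic, not captured from any real application.
SAMPLE_TOKEN = make_sample_token({"sub": "1234", "role": "user"})
SAMPLE_REQUEST_LINES = [
    f"GET /api/profile?token={SAMPLE_TOKEN} HTTP/1.1",          # finding: JWT in query string
    "GET /api/profile?page=2 HTTP/1.1",                           # clean
    f"GET /reset?email=a%40b.test&jwt={SAMPLE_TOKEN} HTTP/1.1",  # finding: second parameter name
    "POST /api/login HTTP/1.1",                                   # token in body or header, not URL
    "GET /docs?ref=a.b.c HTTP/1.1",                               # dotted value that is not a JWT
]

if __name__ == "__main__":
    for method, name, token in scan_request_lines(SAMPLE_REQUEST_LINES):
        print(f"{method} request carries a JWT in parameter {name!r}: {token[:24]}...")
```

The structural check deliberately does not verify the signature: the finding is that a token is in the URL at all, regardless of whether it is valid. The fragment is scanned too, since a token placed after `#` still lands in browser history even though it is not sent to the server. The fix on the application side is to carry the token in an `Authorization: Bearer` header or a cookie with the `Secure` and `HttpOnly` flags, never in the request target.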

Impact

Low

Likelihood

Low