[problematicmatcher]

Discussion: I have started with Breaking bank, i think the key is to forge the Authorization header, i found this in the source code:

// TODO: is this secure enough?
        if (!jku.startsWith('http://127.0.0.1:1337/')) {
            throw new Error('Invalid token: jku claim does not start with http://127.0.0.1:1337/');
        }

I am sure this is the intended way but i cannot seem to get the SSRF to work i keep getting an annoying "Invalid signature" error.

[Surfacing2325]

I have the same issue...
Did you manage to make any progress?

[wintercaptainsoldier]

there is an open redirect that you can exploit and use your own public key to validate the jwt token

[Surfacing2325]

there is an open redirect that you can exploit and use your own public key to validate the jwt token

hello, did you complete EncoDecept?
pls any hint

[FernandoCaliente]

I had also the same issue...
Did you find a suitable solution please

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Replying to someone else's scam report | Failure to follow the first fucking rule of the scam reports section

[sabiri]

still no solution? better rename the project

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.