Challenge 59 of 66
Key Injector
🔴 Elite
Auth
+150 XP
A JWT uses a "kid" header parameter to select the signing key from a file. Inject a path traversal to use /dev/null as the key.
If kid points to /dev/null (empty file), the signature is verified against an empty secret.
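
Why the empty secret works and how a verifier closes it off, as an added example (not the challenge's own code). It assumes HS256 and a flat key directory; `load_key_naive`, `load_key_hardened`, `KID_RE` and `MIN_KEY_BYTES` are hypothetical names and policy values.

```python
import base64, hashlib, hmac, json, os, re

KID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed kid format: opaque id, no path characters
MIN_KEY_BYTES = 32                            # assumed policy: HS256 secret of at least 256 bits

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header, payload, key):
    """Build a compact HS256 token (used here only to produce sample input)."""
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def load_key_naive(key_dir, kid):
    # The pattern the challenge describes: kid is joined into a path unchecked,
    # so it can name any readable file, including an empty one.
    with open(os.path.join(key_dir, kid), "rb") as f:
        return f.read()

def load_key_hardened(key_dir, kid):
    # 1. kid must look like an identifier, never like a path.
    if not isinstance(kid, str) or not KID_RE.fullmatch(kid):
        raise ValueError("kid has unexpected format")
    # 2. The resolved file must still sit inside the key directory (symlinks included).
    base = os.path.realpath(key_dir)
    path = os.path.realpath(os.path.join(base, kid))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("kid resolves outside the key directory")
    with open(path, "rb") as f:
        key = f.read()
    # 3. An empty or short secret is a configuration error, not a usable key.
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("key is empty or too short")
    return key

def verify_hs256(token, key_dir, load_key):
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    key = load_key(key_dir, header.get("kid"))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))
```

The length check matters independently of the path checks: an empty file inside the key directory would otherwise produce the same empty-secret verification.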