Personal Rating: Easy
We have an interesting website.
Trying to get a JWT Token results in: Forbidden: Request forbidden by administrative rules.
As seen on the page, we have some API endpoint. Wappalyzer detects jQuery.
Accessing /api/v1/get_ticket returned a 403. I could bypass that by calling //api/v1/get_ticket and obtain a valid JWT token.
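The 403 and the // bypass above are consistent with a front-end deny rule that compares the raw request path while the backend collapses duplicate slashes before routing. The following is an added example, not code from the challenge: the deny rule, the backend router and the sample request paths are assumptions constructed for illustration. It shows the mismatch, a rule that checks the canonical path instead, and a log check that flags requests the raw rule let through.

```python
import re

# Constructed deny list for the example (endpoint name taken from the write-up).
DENIED = ("/api/v1/get_ticket",)


def naive_acl_allows(raw_path: str) -> bool:
    """Assumed front-end rule: deny only if the raw path starts with a denied prefix."""
    return not raw_path.startswith(DENIED)


def canonical_path(raw_path: str) -> str:
    """Drop the query string and collapse runs of '/' as the assumed backend does."""
    path = raw_path.split("?", 1)[0] or "/"
    return re.sub(r"/{2,}", "/", path)


def backend_route(raw_path: str) -> str:
    """Assumed backend router: matches on the canonical path."""
    return canonical_path(raw_path)


def hardened_acl_allows(raw_path: str) -> bool:
    """Same deny list, evaluated on the form the backend will actually route on."""
    path = canonical_path(raw_path)
    return not any(path == p or path.startswith(p + "/") for p in DENIED)


def find_acl_mismatches(logged_paths):
    """Return logged paths the raw rule allowed but that route to a denied endpoint."""
    return [p for p in logged_paths
            if naive_acl_allows(p) and not hardened_acl_allows(p)]


# Constructed request paths, as they might appear in a proxy access log.
SAMPLE_LOG = [
    "/",
    "/api/v1/get_ticket",
    "//api/v1/get_ticket",
    "/static/app.js",
]

if __name__ == "__main__":
    for p in SAMPLE_LOG:
        print(f"{p!r:28} raw rule: {'allow' if naive_acl_allows(p) else 'deny':5} "
              f"canonical rule: {'allow' if hardened_acl_allows(p) else 'deny':5} "
              f"routes to {backend_route(p)!r}")
    print("mismatches:", find_acl_mismatches(SAMPLE_LOG))
```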