LockTalk

Personal Rating: Easy

We have an interesting website

Trying to get a JWT token results in: "Forbidden: Request forbidden by administrative rules."

As seen on the page, we have some API endpoints. Wappalyzer detects jQuery.

Accessing /api/v1/get_ticket returned a 403. I could bypass that by calling //api/v1/get_ticket and obtain a valid JWT token.
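
Why the double slash gets past the 403, and how the deny rule should be evaluated instead, as an added example (not code from the challenge or from this writeup). It assumes the front proxy matches its deny rule against the raw request path while the backend collapses repeated slashes before routing; the function names and sample paths are constructed.

```python
import posixpath
import re

# Assumed deny rule, modelled on the 403 seen for this endpoint.
DENY_PREFIXES = ("/api/v1/get_ticket",)


def proxy_denies_raw(path: str) -> bool:
    """Weak check: prefix match on the path exactly as the client sent it."""
    return path.startswith(DENY_PREFIXES)


def canonical(path: str) -> str:
    """Drop the query, collapse repeated slashes, resolve dot segments."""
    no_query = path.split("?", 1)[0]
    collapsed = re.sub(r"/{2,}", "/", no_query)
    return posixpath.normpath(collapsed)


def proxy_denies_normalized(path: str) -> bool:
    """Hardened check: evaluate the deny rule on the canonical path,
    i.e. on the same form the backend router is assumed to see."""
    c = canonical(path)
    return any(c == p or c.startswith(p + "/") for p in DENY_PREFIXES)


def audit(paths):
    """Paths the raw rule lets through although they resolve to a denied route.
    Useful as a regression test for proxy ACLs or as a log-review filter."""
    return [p for p in paths
            if not proxy_denies_raw(p) and proxy_denies_normalized(p)]


# Constructed sample request paths.
SAMPLE_PATHS = [
    "/",
    "/static/app.js",
    "/api/v1/get_ticket",
    "//api/v1/get_ticket",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p!r:28} raw_deny={proxy_denies_raw(p)!s:5} "
              f"normalized_deny={proxy_denies_normalized(p)}")
    print("mismatches:", audit(SAMPLE_PATHS))
```

The mitigation is to have the proxy normalize the path before its access rules run, or to enforce the restriction in the backend itself so it does not depend on the proxy's view of the URL.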
