{"vulnerability": "cve-2020-28042", "sightings": [{"uuid": "6dbf6723-76b0-4041-85c5-39fa3f8d2c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28042", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/12590", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u9a8c\u8bc1\n\u63cf\u8ff0\uff1a\u9488\u5bf9JWT\u6e17\u900f\u5f00\u53d1\u7684\u6f0f\u6d1e\u9a8c\u8bc1/\u5bc6\u94a5\u7206\u7834\u5de5\u5177\uff0c\u9488\u5bf9CVE-2015-9235/\u672a\u9a8c\u8bc1\u7b7e\u540d\u653b\u51fb/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042\u7684\u7ed3\u679c\u751f\u6210\u7528\u4e8eFUZZ\uff0c\u4e5f\u53ef\u4f7f\u7528\u5b57\u5178/\u5b57\u7b26\u679a\u4e3e(\u5305\u62ecJJWT)\u7684\u65b9\u5f0f\u8fdb\u884c\u7206\u7834\nURL\uff1ahttps://github.com/kingjly/Directory-Traversal-Scanner\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u9a8c\u8bc1", "creation_timestamp": "2025-02-05T19:34:25.000000Z"}, {"uuid": "1586a88c-005c-4a22-a1a5-286c2512177a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28042", "type": "seen", "source": "https://t.me/pt_soft/12", "content": "The JSON Web Token Toolkit v2\n\n\ud83d\udc0d A toolkit for testing, tweaking and cracking JSON Web Tokens\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0441\u0442\u044c\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n(CVE-2015-2951) alg=none\n(CVE-2016-10555) RS/HS256 public key mismatch\n(CVE-2018-0114) Key injection\n(CVE-2019-20933/CVE-2020-28637) Blank password\n(CVE-2020-28042) Null signature\n\n#json #jwt #jwt_tool #json_web_token", "creation_timestamp": "2023-08-02T10:00:03.000000Z"}, {"uuid": "67ae6d97-a5fc-441a-88e8-2344ab2bd3d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28042", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/11760", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u9a8c\u8bc1\n\u63cf\u8ff0\uff1a\u9488\u5bf9JWT\u6e17\u900f\u5f00\u53d1\u7684\u6f0f\u6d1e\u9a8c\u8bc1/\u5bc6\u94a5\u7206\u7834\u5de5\u5177\uff0c\u9488\u5bf9CVE-2015-9235/\u672a\u9a8c\u8bc1\u7b7e\u540d\u653b\u51fb/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042\u7684\u7ed3\u679c\u751f\u6210\u7528\u4e8eFUZZ\uff0c\u4e5f\u53ef\u4f7f\u7528\u5b57\u5178/\u5b57\u7b26\u679a\u4e3e(\u5305\u62ecJJWT)\u7684\u65b9\u5f0f\u8fdb\u884c\u7206\u7834\nURL\uff1ahttps://github.com/z-bool/Venom-JWT\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u9a8c\u8bc1", "creation_timestamp": "2025-01-28T13:54:03.000000Z"}, {"uuid": "6e75a064-088e-40b2-afce-30826209e92b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28042", "type": "seen", "source": "https://t.me/pt_soft/21", "content": "The JSON Web Token Toolkit v2\n\n\ud83d\udc0d A toolkit for testing, tweaking and cracking JSON Web Tokens\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0441\u0442\u044c\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n(CVE-2015-2951) alg=none\n(CVE-2016-10555) RS/HS256 public key mismatch\n(CVE-2018-0114) Key injection\n(CVE-2019-20933/CVE-2020-28637) Blank password\n(CVE-2020-28042) Null signature\n\n#json #jwt #jwt_tool #json_web_token", "creation_timestamp": "2023-08-02T10:00:03.000000Z"}]}