VulnerableApp

Adding more vulnerable levels to JWT Vulnerability

Open preetkaran20 opened this issue 3 years ago • 6 comments

Is your feature request related to a problem? Please describe. We have many levels under JWT Vulnerability https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/jwt/JWTVulnerability.java but there are a few attack vectors which are missing, like header param injections as described at: https://portswigger.net/web-security/jwt.

There may be a few others missing, so the task is to include the missing vulnerabilities.

preetkaran20 avatar Oct 01 '22 14:10 preetkaran20
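The header param injection the issue refers to is the class of bugs where a verifier takes key material from the token's own header (`jwk`, `jku`, `kid`) instead of from server-side configuration. The following is an added example, not code from VulnerableApp or from the issue author: it builds a minimal HS256 JWT with the Python standard library and contrasts a verifier that trusts an embedded `jwk` header with one that ignores header-supplied keys. It uses a symmetric `oct` JWK to stay self-contained (the PortSwigger write-up uses an RSA key in `jwk`; the flaw, trusting whatever key the token carries, is the same). `SERVER_KEY`, the claims, and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

# Constructed server-side secret; a real service would load this from a key store.
SERVER_KEY = b"server-side-hmac-secret-not-known-to-attacker"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Produce header.payload.signature for HS256 (RFC 7515 compact form)."""
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def _split(token: str) -> Tuple[dict, dict, bytes, bytes]:
    h, p, s = token.split(".")
    return (
        json.loads(_b64url_decode(h)),
        json.loads(_b64url_decode(p)),
        (h + "." + p).encode(),
        _b64url_decode(s),
    )


def verify_vulnerable(token: str) -> Optional[dict]:
    """VULNERABLE: if the header carries a 'jwk', the key inside it is used
    to check the signature. The attacker controls the header, so they control
    the key, and any token they sign with it is accepted."""
    header, payload, signing_input, sig = _split(token)
    jwk = header.get("jwk")
    if jwk and jwk.get("kty") == "oct":
        key = _b64url_decode(jwk["k"])  # attacker-controlled key material
    else:
        key = SERVER_KEY
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, sig) else None


def verify_hardened(token: str) -> Optional[dict]:
    """HARDENED: pin the algorithm, reject any header that tries to supply
    key material, and verify only against the server's own key."""
    header, payload, signing_input, sig = _split(token)
    if header.get("alg") != "HS256":
        return None
    if any(param in header for param in ("jwk", "jku", "x5u")):
        return None
    expected = hmac.new(SERVER_KEY, signing_input, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, sig) else None


def forge_admin_token() -> str:
    """Attacker: mint a key, embed it in the header as a JWK, sign with it."""
    attacker_key = secrets.token_bytes(32)
    header = {
        "alg": "HS256",
        "typ": "JWT",
        "jwk": {"kty": "oct", "k": _b64url_encode(attacker_key)},
    }
    return sign_hs256(header, {"sub": "attacker", "role": "admin"}, attacker_key)


def legit_token() -> str:
    """Token the server itself would issue."""
    return sign_hs256(
        {"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "role": "user"}, SERVER_KEY
    )


if __name__ == "__main__":
    forged = forge_admin_token()
    print("vulnerable verifier accepts forged token:", verify_vulnerable(forged))
    print("hardened verifier accepts forged token:  ", verify_hardened(forged))
    print("hardened verifier accepts legit token:   ", verify_hardened(legit_token()))
```

A `jku` injection is the same bug one hop removed: the verifier fetches a key set from an attacker-supplied URL instead of reading it from the token. The hardened verifier above rejects both by refusing any key-carrying header parameter outright rather than trying to validate its contents.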

Working on this, Karan.

ehizman avatar Apr 15 '23 06:04 ehizman

Hi team!

I've been reviewing the work you've done with the JWT vulnerabilities in JWTVulnerability.java and would love to help expand it. I've noticed that some vulnerabilities, such as header parameter injections, are not yet covered. I have some ideas on how we can address this and other attack vectors that might be missing.

Could I collaborate with you on this? I'm ready to start working as soon as I get the go-ahead.

Thanks and I look forward to contributing!

leiberbertel avatar Aug 11 '24 03:08 leiberbertel

@leiberbertel Thanks a lot for going through the codebase. Yeah sure. I have assigned the ticket to you.

Thanks, Karan

preetkaran20 avatar Aug 11 '24 18:08 preetkaran20

Hi Karan! Thank you so much for assigning me the ticket. I'm really excited to start working on this and contribute to the improvement of JWT vulnerabilities.

I'll start reviewing everything in detail and will keep you posted on my progress. If there is anything specific you need to discuss or any additional details, feel free to let me know.

I really appreciate this opportunity!

Greetings, Leiber

leiberbertel avatar Aug 11 '24 18:08 leiberbertel

Hi Karan,

I've linked the issue to the pull request I just created, but it looks like I didn't have the option to assign it to you directly. Could you take a look at it when you have a moment? Thanks in advance!

Regards,

leiberbertel avatar Aug 19 '24 04:08 leiberbertel