Infinite Queue Writeup

Solved by Legend

In this challenge there is a website in which we need to buy a ticket, but we are added to a long queue.

There was a JWT token to us which contains the info for our ticket.

So I modified the value for queue_time but got an error because the token’s signature was failing, but the server responded with too much information including the queue_time.

I used the JWT_SECRET to sign the token which I modified and got in to purchase the ticket.

Once the purchase is done we can get the flag from the API request of the ticket PDF.

Key Learning and Takeaways

• Don’t trust JWTs blindly they can be modified if the secret is known or weak.
• Error messages can leak useful information always read them carefully.
• JWT signing is a common web security flaw when secrets are exposed or guessable.