Infinite Queue Writeup
Nahamcon 2025
Solved by Legend
In this challenge there is a website in which we need to buy a ticket, but we are added to a long queue.
There was a JWT token given to us which contains the info for our ticket.
So I modified the value for queue_time but got an error because the token’s signature was failing, but the server responded with too much information including the queue_time.
I used the JWT_SECRET to sign the token which I modified and got in to purchase the ticket.
Once the purchase is done we can get the flag from the API request of the ticket PDF.
Key Learning and Takeaways
- Don’t trust JWTs blindly: they can be modified if the secret is known or weak.
- Error messages can leak useful information, so always read them carefully.
- Weak JWT signing is a common web security flaw: tokens can be forged when secrets are exposed or guessable.
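The server-side fix for the error-message takeaway, as an added example that is not the challenge's code: an HS256 check that pins the algorithm, compares signatures in constant time, and returns one generic 401 body while the reason goes only to the server log. The secret value, the function names and the response shape are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, logging

log = logging.getLogger("queue-api")
SECRET = b"constructed-demo-secret"  # constructed value; load from a secret store in practice

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes = SECRET) -> str:
    """Issue a token (used here only to build sample input)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"

class InvalidToken(Exception):
    pass

def verify(token: str, key: bytes = SECRET) -> dict:
    """Return the claims only if the signature is valid for the pinned algorithm."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # never let the token choose the algorithm
            raise InvalidToken("unexpected alg")
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise InvalidToken("signature mismatch")
        return json.loads(b64url_decode(body_b64))
    except InvalidToken:
        raise
    except Exception as exc:  # bad base64, bad JSON, wrong number of segments
        raise InvalidToken("malformed token") from exc

def handle_request(token: str) -> tuple[int, dict]:
    """Hypothetical handler: detail goes to the log, the client gets a fixed message."""
    try:
        claims = verify(token)
    except InvalidToken as exc:
        log.warning("token rejected: %s", exc)  # server-side only
        return 401, {"error": "invalid token"}  # no config, claims or stack trace
    return 200, {"queue_time": claims.get("queue_time")}
```

Every failure path returns the same body, so a tampered token tells the client nothing about the secret, the expected claims or the server configuration.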