
Commit fcf781b

committed
updated finearts blog
1 parent 8f7e677 commit fcf781b

3 files changed, +4 −5 lines changed


source/_posts/web_exploitation_at_finearts.md

Lines changed: 4 additions & 5 deletions
Original file line number | Diff line number | Diff line change
@@ -29,20 +29,19 @@ It is clearly visible that we have different features such as creating and viewi
2929

3030
Creating a new artist or an artwork via the admin panel gave us a `401 unauthorized error`. Therefore, we decided to use BurpSuite to capture the request. Using Burp Suite, we captured the request and quickly found a JSON Web Token (JWT) in the request headers. Using [jwt.io](https://jwt.io/), we decoded the Json Web Token and got the following payload.
3131

32-
33-
![jwt](../assets/finearts/jwt.png)
32+
![jwt](../assets/finearts/original_jwt.png)
3433

3534

3635
It’s clearly visible that the JWT payload has a special value `UserRole` which was set to `user` by default. This means that any new user created via the admin panel would be assigned the role `user` which doesn’t have enough privileges to create new artists and artworks. Therefore, we decided to perform privilege escalation in order to gain elevated privileges (for example, admin).
3736

3837

3938
We tried common exploits of JWT such as `Weak Key Attack` and it worked. We used jwt_tool to crack the JWT and the signature key we found was surprisingly empty which is a bad practice in terms of web security.
4039

40+
![jwt_crack](../assets/finearts/jwt_cracked.png)
4141

42+
Hence we modified the token using [jwt.io](https://jwt.io/) and changed the `UserRole` to admin and forged the token as given below.
4243

43-
44-
45-
![jwt_crack](../assets/finearts/jwt_cracked.png)
44+
![forged_jwt](../assets/finearts/forged_jwt.png)
4645

4746
We sent the same request again with the forged token. And yesss we added the artwork successfully.
4847
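Review bot: the hunk points the post at two image files that are not part of this file, `../assets/finearts/original_jwt.png` (new line 32) and `../assets/finearts/forged_jwt.png` (new line 44), while the only file shown in this commit is the markdown post; the summary reports 3 files changed, so confirm the other two are exactly these PNGs (with matching case in the filenames), otherwise the new paragraphs render with broken images. A smaller documentation point on the context at line 38: the sentence says jwt_tool showed the signature key was empty but never names the signing algorithm from the decoded header; stating it there, and giving the cracked-token screenshot a more descriptive alt text than `jwt_crack`, would make the weak-key finding self-explanatory for readers who cannot see the images.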

