CVEs-PoC/2016/CVE-2016-5431.md

### [CVE-2016-5431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5431)
![](https://img.shields.io/static/v1?label=Product&message=jose-php&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=fixed%20in%202.2.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-327&color=brightgreen)

### Description

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.

### POC

#### Reference
- https://github.com/nov/jose-php/commit/1cce55e27adf0274193eb1cd74b927a398a3df4b

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/HiitCat/JWT-SecLabs
- https://github.com/Nucleware/powershell-jwt
- https://github.com/achmadismail173/jwt_exploit
- https://github.com/d3ck9/HTB-Under-Construction
- https://github.com/d7cky/HTB-Under-Construction
- https://github.com/google/pseudo-identity-provider
- https://github.com/mxcezl/JWT-SecLabs
- https://github.com/phramz/tc2022-jwt101
- https://github.com/suddenabnormalsecrets/pseudo-identity-provider
- https://github.com/vivekghinaiya/JWT_hacking