Tag
1 item tagged “token-forgery”.
Writeups
An HTB web challenge: the app shipped its JWT signing key in the client-side bundle, so reading it from DevTools let me forge an admin token, hit a privileged endpoint and grab the flag.