nicholasmueller.dev
Vulnerable Next.js App - Part 1: JWTs in Local Storage
The first part of a longer series where I document and recreate common web app vulnerabilities. I've decided to do this with Next.js, not only out of familiarity, but because it is an increasingly popular framework used to build modern web applications.
The first exploit I wanted to recreate was a common one around storing JWT auth tokens in local storage. It is common for developers to not fully understand why this is a security concern and to implement it anyway because of how easy it is to put together.
Vulnerability
In progress...
Exploit
In progress...
Remediation
In progress...