> Solved by Legend

In this challenge there is a website in which we need to buy a ticket, but we are added to a long queue.

We were issued a JWT that contains the info for our ticket.

So I modified the value of `queue_time` but got an error because the token's signature check failed. However, the server responded with too much information, including the `queue_time`.

I used the `JWT_SECRET` to sign the modified token and got in to purchase the ticket.

Once the purchase is done we can get the flag from the API request of the ticket PDF.

**Key Learning and Takeaways**
- Don’t trust JWTs blindly; they can be modified if the secret is known or weak.
- Error messages can leak useful information; always read them carefully.
- JWT signing becomes a common web security flaw when secrets are exposed or guessable.
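
The server-side fix for the second takeaway, as an added example that is not the challenge's own code: an HS256 check whose failure response is a constant message, shown beside a leaky handler. The handler names, the claim values, the secret and the shape of the leaky debug body are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, logging

log = logging.getLogger("ticket-api")
JWT_SECRET = b"constructed-demo-secret"  # constructed value; load from a secret store in practice

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims: dict, secret: bytes = JWT_SECRET) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def verify(token: str, secret: bytes = JWT_SECRET) -> dict:
    header_b64, body_b64, sig_b64 = token.split(".")
    # Pin the algorithm instead of trusting whatever the header asks for.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison of the MAC over header.payload.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def handle_leaky(token: str):
    """Anti-pattern (assumed shape): the 401 body dumps server-side state."""
    try:
        return 200, verify(token)
    except Exception as exc:
        return 401, {"error": str(exc), "debug": {"JWT_SECRET": JWT_SECRET.decode()}}

def handle_hardened(token: str):
    """Fail closed: one constant client message, detail only in server logs."""
    try:
        return 200, verify(token)
    except Exception as exc:  # malformed, wrong alg, bad signature: identical to the client
        log.warning("JWT rejected: %s", type(exc).__name__)
        return 401, {"error": "invalid token"}
```

Once a signing secret has appeared in any response it must be rotated, since every token signed with it can no longer be trusted.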