Preface
This is a record of a permission bypass caused by JWT. All of the links shown below are made up.
1. Approach
1) Log in to the system using an account with a weak password.
2) Accessing the URL https://xxxxx:8888/aaaa/bbbb/cccc/list?ids=418 returns a message that access permissions are insufficient.
3) Capturing the request showed that the system uses JWT token authentication.
4) Add an Authorization: Bearer header and paste the copied content of the token into it; the permission check is bypassed.
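The write-up does not state the root cause, so the following is an added defensive example, not code from the system described. It shows a server-side check in which a token is verified and the permission decision is made from its claims in one place, so the result is the same whether the token arrives in a cookie or in the Authorization: Bearer header used in step 4. The key, the cookie name "token", the "perms" claim and the "list:read" permission are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"                  # constructed key, example only
REQUIRED = {"/aaaa/bbbb/cccc/list": "list:read"}  # hypothetical permission map

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims):
    """Issue an HS256 token (used here only to build constructed sample input)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify(token):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, AttributeError, TypeError):
        return None

def extract_token(headers, cookies):
    """Accept the token from either transport; both feed the same checks."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip()
    return cookies.get("token")

def authorize(path, headers, cookies):
    """Return an HTTP status: 401 no valid token, 403 lacks permission, 200 allowed."""
    claims = verify(extract_token(headers, cookies) or "")
    if claims is None:
        return 401
    needed = REQUIRED.get(path)
    # Deny by default: unknown paths and missing permissions are both refused.
    if needed is None or needed not in claims.get("perms", []):
        return 403
    return 200
```

With this structure, a valid token from a low-privilege account authenticates the caller but still yields 403 on the list endpoint, whichever header or cookie carries it.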