Submit #263256: Engineers Online Portal Web 1.0 Session Fixation Vulnerability

Title: Engineers Online Portal Web 1.0 Session Fixation Vulnerability

Description: Dear Janno Palacios,

I hope this message finds you well. I would like to express my gratitude for your valuable time and attention. My brother and I have successfully identified a medium-level vulnerability, "Session Fixation Vulnerability", within your Engineers Online Portal Application. Consequently, I am writing this email to provide you with a comprehensive Proof of Concept, including a video demonstration and relevant screenshots. Furthermore, I would like to kindly request your consideration in assigning a CVE identifier to this discovery. I have attached a previous example for the same application for your reference.

Link for the previous CVE: https://vuldb.com/?id.249182

Thank you once again for your time, and I look forward to your response.

Sincerely,
Ahmed Hassan

-----

The session cookies are the same after logging in, logging out, and logging in again. This shows us that we have a Session Fixation Vulnerability, because if an attacker can steal the cookies of the admin, they will stay the same and the attacker will forever access the admin account, because the session cookies are the same.

Let's see :)

Let's log out and log in to see the cookie attribute.

1st cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

Let's log out and log in again to see if the cookie attribute will be changed or not.

2nd cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

As you can see, it's the same, and we have a Session Fixation Vulnerability.

Thank you
Source: ⚠️ https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg
User: ahmed8199 (UID 60803)
Submission: 2024-01-06 17:35 (2 years ago)
Moderation: 2024-01-09 15:14 (3 days later)
Status: Accepted
VulDB entry: 250119 [SourceCodester Engineers Online Portal 1.0 weak authentication]
Points: 20
