Submission #263256: Engineers Online Portal Web 1.0 Session Fixation Vulnerability
Information

Title: Engineers Online Portal Web 1.0 Session Fixation Vulnerability
Description:

Dear Janno Palacios,

I hope this message finds you well. I would like to express my gratitude for your valuable time and attention. My brother and I have successfully identified a medium-level vulnerability, "Session Fixation Vulnerability", within your Engineers Online Portal application. Consequently, I am writing this email to provide you with a comprehensive Proof of Concept, including a video demonstration and relevant screenshots. Furthermore, I would like to kindly request your consideration in assigning a CVE identifier to this discovery. I have attached a previous example for the same application for your reference. Link for the previous CVE: https://vuldb.com/?id.249182

Thank you once again for your time, and I look forward to your response.

Sincerely,
Ahmed Hassan

-----

The session cookies after logging in, logging out and logging in again are the same cookies. This shows us that we have a Session Fixation Vulnerability, because in case an attacker can steal the admin's cookies they will stay the same, and the attacker will have access to the admin account forever because the session cookies are the same.

Let's see :)

Let's log out and log in to see the cookie attribute.
1st cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

Let's log out and log in again to see if the cookie attribute will be changed or not.
2nd cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

As you can see it is the same, and we have a Session Fixation Vulnerability.

Thank you
Source: ⚠️ https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg
User: ahmed8199 (UID 60803)
Submitted: 06/01/2024 17:35 (2 years ago)
Moderated: 09/01/2024 15:14 (3 days later)
Status: Accepted
VulDB entry: 250119 [SourceCodester Engineers Online Portal 1.0 weak authentication]
Points: 20
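The submission above records only a manual observation: the session cookie value is identical before and after a logout/login cycle. The script below is an added example, not part of the submission and not code from the SourceCodester project. It automates the same check and adds the test that actually distinguishes session fixation from mere non-rotation: an attacker obtains an anonymous session ID, plants it in the victim's browser, and tries to use it after the victim logs in. Because the real portal is not available offline, the example runs against a constructed in-memory stand-in (`PortalStub`) that imitates PHP's `session_start()` behaviour; the credentials `admin`/`admin123`, the cookie name and both stub configurations are assumptions, not facts about the application. The stub that neither rotates on login nor destroys on logout reproduces the behaviour the report describes; the other shows what the usual remediation (`session_regenerate_id(true)` after login, `session_destroy()` plus an expired cookie on logout) looks like.

```python
"""Session-ID rotation / fixation check (added example, constructed stand-in).

The check runs the login -> logout -> login sequence from the report and a
planted-cookie test against a pluggable "portal". The PortalStub below is
NOT the real application; it models PHP session handling in memory so the
example runs offline. Against a live target, PortalStub.handle() would be
replaced by real HTTP requests carrying the PHPSESSID cookie.
"""
import secrets

CREDS = ("admin", "admin123")  # constructed test credentials (assumption)
SESSION_COOKIE = "PHPSESSID"   # assumption: PHP's default cookie name


class PortalStub:
    """In-memory imitation of a PHP login/logout flow (constructed)."""

    def __init__(self, rotate_on_login: bool, destroy_on_logout: bool):
        self.rotate_on_login = rotate_on_login
        self.destroy_on_logout = destroy_on_logout
        self._sessions: dict[str, dict] = {}

    @staticmethod
    def _new_id() -> str:
        # 26 hex chars, same length as the ID quoted in the report
        return secrets.token_hex(13)

    def _start(self, sid):
        """session_start(): reuse a known ID, otherwise issue a fresh one.
        (Unknown client-supplied IDs are not adopted; this models
        session.use_strict_mode=1, an assumption for the stub.)"""
        if sid not in self._sessions:
            sid = self._new_id()
            self._sessions[sid] = {}
        return sid

    def handle(self, sid, action, creds=None):
        """One request. Returns (cookie value the client should keep, authenticated?)."""
        sid = self._start(sid)
        data = self._sessions[sid]
        if action == "login":
            if creds != CREDS:
                return sid, False
            if self.rotate_on_login:
                # session_regenerate_id(true): new ID, old ID invalidated server-side
                del self._sessions[sid]
                sid = self._new_id()
                self._sessions[sid] = data
            data["user"] = creds[0]
            return sid, True
        if action == "logout":
            if self.destroy_on_logout:
                del self._sessions[sid]  # session_destroy() and expire the cookie
                return None, False
            data.pop("user", None)       # only unset($_SESSION['user']); ID survives
            return sid, False
        return sid, "user" in data       # any other page reports the auth state


class Browser:
    """Minimal cookie jar: holds the last cookie the portal set, or a planted one."""

    def __init__(self, planted=None):
        self.cookie = planted

    def do(self, portal, action, creds=None):
        self.cookie, authed = portal.handle(self.cookie, action, creds)
        return authed


def check_session_rotation(portal, creds=CREDS):
    """Run the report's sequence plus a planted-cookie test; return the findings."""
    user = Browser()
    user.do(portal, "login", creds)
    first = user.cookie
    user.do(portal, "logout")
    user.do(portal, "login", creds)
    second = user.cookie

    # Fixation proper: attacker gets an anonymous ID, plants it, victim logs in,
    # attacker then presents the same ID.
    attacker = Browser()
    attacker.do(portal, "index")
    victim = Browser(planted=attacker.cookie)
    victim.do(portal, "login", creds)
    attacker_has_admin = attacker.do(portal, "index")

    return {
        "id_unchanged_after_relogin": first == second,
        "planted_id_grants_admin": attacker_has_admin,
    }


if __name__ == "__main__":
    for name, stub in (
        ("no rotation, no destroy", PortalStub(False, False)),
        ("rotate + destroy", PortalStub(True, True)),
    ):
        print(name, check_session_rotation(stub))
```

`id_unchanged_after_relogin` is the observation in the report; `planted_id_grants_admin` is the condition a fixation attack needs, and it stays true even when logout is handled correctly as long as the ID is not regenerated at login. Against a real deployment, replace the stub with HTTP calls that read and send the `PHPSESSID` cookie and compare the values the same way.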
