Submit #263256: Engineers Online Portal Web 1.0 Session Fixation Vulnerability

Title: Engineers Online Portal Web 1.0 Session Fixation Vulnerability
Description: Dear Janno Palacios,

I hope this message finds you well. I would like to express my gratitude for your valuable time and attention. My brother and I have successfully identified a medium-level vulnerability, "Session Fixation Vulnerability", within your Engineers Online Portal Application. Consequently, I am writing this email to provide you with a comprehensive Proof of Concept, including a video demonstration and relevant screenshots. Furthermore, I would like to kindly request your consideration in assigning a CVE identifier to this discovery. I have attached a previous example for the same application for your reference.

Link for the previous CVE: https://vuldb.com/?id.249182

Thank you once again for your time, and I look forward to your response.

Sincerely,
Ahmed Hassan

-----

The session cookies are the same after logging in, logging out and logging in again. This shows us that we have a Session Fixation Vulnerability, because in case an attacker can steal the cookies of the admin, they will stay the same and the attacker will forever access the admin account, because the session cookies are the same.

Let's see :)

Let's log out and log in to see the cookie attribute.

1st cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

Let's log out and log in again to see if the cookie attribute will be changed or not.

2nd cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

As you can see, it's the same and we have a Session Fixation Vulnerability.

Thank you
Source: ⚠️ https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg
User: ahmed8199 (ID 60803)
Submission: 2024-01-06 17:35 (4 months ago)
Moderation: 2024-01-09 15:14 (3 days later)
Status: Accepted
VulDB Entry: 250119
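
The behaviour reported in the description (the session cookie keeps the same value across logout and a new login) shown next to the usual hardening, where the server issues a fresh identifier at login and destroys it at logout. This is an added example, not code from the submission or from Engineers Online Portal; `SessionStore`, `audit` and the in-memory dictionary are hypothetical stand-ins for the application's session handling.

```python
import secrets


class SessionStore:
    """Toy in-memory session store (hypothetical stand-in for server-side sessions)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> {"user": name or None}

    def _new_id(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def visit(self, sid=None):
        """Return the caller's id, issuing a new one if the cookie is missing or unknown."""
        return sid if sid in self.sessions else self._new_id()

    def login(self, sid, user):
        sid = self.visit(sid)
        if self.rotate_on_login:
            # Hardened: discard the pre-login id and bind the user to a fresh one.
            del self.sessions[sid]
            sid = self._new_id()
        self.sessions[sid]["user"] = user
        return sid

    def logout(self, sid):
        if self.rotate_on_login:
            self.sessions.pop(sid, None)  # hardened: the id is dead after logout
        elif sid in self.sessions:
            self.sessions[sid]["user"] = None  # weak: the id itself lives on


def audit(store, user="admin"):
    """Repeat the check from the report: log in, log out, log in, compare ids."""
    anon = store.visit()
    first = store.login(anon, user)
    store.logout(first)
    second = store.login(first, user)  # the browser re-sends the old cookie
    return {
        "prelogin_id_kept": anon == first,
        "same_id_after_relogin": first == second,
        "old_id_still_valid": first in store.sessions,
    }


if __name__ == "__main__":
    print("no rotation:", audit(SessionStore(rotate_on_login=False)))
    print("rotation:   ", audit(SessionStore(rotate_on_login=True)))
```
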
