Submission #263256: Engineers Online Portal Web 1.0 Session Fixation Vulnerability

Title: Engineers Online Portal Web 1.0 Session Fixation Vulnerability
Description: Dear Janno Palacios, I hope this message finds you well. I would like to express my gratitude for your valuable time and attention. My brother and I have successfully identified a medium-level vulnerability, "Session Fixation Vulnerability", within your Engineers Online Portal application. Consequently, I am writing this email to provide you with a comprehensive proof of concept, including a video demonstration and relevant screenshots. Furthermore, I would like to kindly request your consideration in assigning a CVE identifier to this discovery. I have attached a previous example for the same application for your reference. Link for the previous CVE: https://vuldb.com/?id.249182

Thank you once again for your time, and I look forward to your response. Sincerely, Ahmed Hassan

-----

The session cookies are the same after logging in, logging out and logging in again. This shows us that we have a session fixation vulnerability, because in case an attacker can steal the admin's cookies they will stay the same and the attacker will forever access the admin account, because the session cookies are the same.

Let's see :)

Let's log out and log in to see the cookie attribute. 1st cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

Let's log out and log in again to see if the cookie attribute will be changed or not. 2nd cookie attribute: 63io6svc8gj2d06atsnn0f4cbj

As you can see it's the same and we have a session fixation vulnerability. Thank you
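The defect the submitter describes is a login flow that keeps the pre-authentication session identifier. The following is an added example, not code from the Engineers Online Portal or from the submitter: a toy server-side session model (names such as `Portal`, `session_id_changes_on_login` and the credentials are constructed for this example) that can run either with the vulnerable behaviour (id kept across login and logout) or with the standard fix (fresh id minted at login, session destroyed at logout), plus the same log-in / log-out / log-in comparison the report uses to tell the two apart.

```python
import secrets


class Portal:
    """Toy server-side session handling standing in for the PHP portal on the page.

    Hypothetical code written for this example; it is not the portal's own code.
    regenerate_on_login=False reproduces the behaviour described in the report,
    regenerate_on_login=True applies the usual fix.
    """

    def __init__(self, regenerate_on_login: bool):
        self.regenerate_on_login = regenerate_on_login
        self.sessions: dict[str, dict] = {}                  # session id -> session data
        self.users = {"admin": "constructed-example-password"}  # constructed credentials

    def _new_session(self) -> str:
        """Mint an unguessable session id and register an empty session for it."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {}
        return sid

    def start_session(self) -> str:
        """First, unauthenticated visit: the browser receives an anonymous cookie."""
        return self._new_session()

    def login(self, sid: str, user: str, password: str) -> str:
        """Authenticate and return the session id the browser must use from now on."""
        if sid not in self.sessions:
            # Unknown id (for example one destroyed at logout): never adopt it, issue a fresh one.
            sid = self._new_session()
        if self.users.get(user) != password:
            raise PermissionError("invalid credentials")
        if self.regenerate_on_login:
            # The fix: change the id at the moment privilege changes and drop the old one,
            # so an id known before authentication is worthless afterwards.
            del self.sessions[sid]
            sid = self._new_session()
        self.sessions[sid]["user"] = user
        return sid

    def logout(self, sid: str) -> None:
        """Hardened variant destroys the session; vulnerable variant only clears its data."""
        if self.regenerate_on_login:
            self.sessions.pop(sid, None)           # id is gone, cannot be reused
        else:
            self.sessions.get(sid, {}).clear()    # id lives on, as in the report

    def current_user(self, sid: str):
        """User bound to a session id, or None."""
        return self.sessions.get(sid, {}).get("user")


def session_id_changes_on_login(portal: Portal) -> bool:
    """The check from the report: log in, log out, log in again, compare the cookie values.

    Returns True when every login issued a new id (no fixation), False otherwise.
    """
    anon = portal.start_session()
    first = portal.login(anon, "admin", "constructed-example-password")
    portal.logout(first)
    # The browser re-sends whatever cookie it still holds.
    second = portal.login(first, "admin", "constructed-example-password")
    return anon != first and first != second


if __name__ == "__main__":
    print("vulnerable variant regenerates id:", session_id_changes_on_login(Portal(False)))
    print("hardened variant regenerates id:  ", session_id_changes_on_login(Portal(True)))
```

In a PHP application such as the one the report concerns, the equivalent of the `regenerate_on_login=True` branch is calling `session_regenerate_id(true)` immediately after the credentials have been verified and `session_destroy()` on logout; the comparison in `session_id_changes_on_login` is the same observation the submitter made with the two cookie values.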
Source: https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg
User: ahmed8199 (UID 60803)
Submitted: 06/01/2024 17:35 (2 years ago)
Moderated: 09/01/2024 15:14 (3 days later)
Status: Accepted
VulDB entry: 250119 [SourceCodester Engineers Online Portal 1.0 weak authentication]
Points: 20
