Session Fixation Via Cookie Value
Overview
The application does not set a new Session ID in the cookie after what appears to be an authentication attempt by the user. If this was a successful login and the Session IDs are stored in cookies then this application is affected by Session Fixation vulnerability.
To reproduce this vulnerability
1.open chrome and download edit this cookie ad-don
To perform the steps . Download EditThisCookie extension on google chrome
https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg/related?hl=en
2.Now open https://www.example.com/ and log in
3.Now go to edit this cookie add-on and click export all cookies ...by clicking this we get the cookie copied in clipboard.
4.Logout from your https://www.example.com/ account.
5.If needed u can close and open your browser.
6.Now again go to https://www.example.com/ but don't login..just simply go to edit this cookie add-on and click import a Cookie and paste the code which we previously exported.
7.After pasting just refresh the page and that's done you are now logged into your account without login details...
Impact
1.Anyone can easily hijack victims or users session and get into his account
2.Cookie stealing is the best way the hacker can get into and account..it would not take more than 5min to steal someones cookie using PHP n all...
3.Even friends can fool the victim and get him hacked..
Solution
Manage session properly.this problem is mainly faced because the session doesn't get expired or doesn't get closed when logout is pressed.each time the user logins the cookie must hold a unique different session id to proceed.
Example Report:
https://hackerone.com/reports/6504
0 comments:
Post a Comment