No Session Expiry after log-out, attacker can reuse the old cookies


MkNayek

hey there,

Today, I’m going to share with you an interesting bug I found in one of Intigriti’s public programs. It was in a program that had a “Login via Facebook” feature.

Grab your coffee, and let’s get started! 😉

The session is not expired on the server after log-out, so an attacker who holds the old cookies can reuse them and take over the full account.

Reproduction Steps

1. Go to https://xxxxx.com/ and click on Sign In.
2. Continue with Google Account.
3. Use the “EditThisCookie” extension to export the cookies.
4. Once you are logged in, click on the “EditThisCookie” extension and export the cookies.
5. Now open another browser and import those cookies; you are able to log in to the account by using the cookies.
6. Log out from your first browser; it should log you out from the other browser as well.
7. Now, log in again with your Google account. This time use the old cookies.
8. By using the old cookies, you are able to log in to the victim’s account (whenever the victim’s session is active).
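The root cause in the steps above is that log-out only clears the cookie in the browser while the session record stays valid on the server. The following is an added example, not code from the program or from the author, that contrasts that behaviour with a log-out that revokes the session server-side (and rotates the session id on re-login). The in-memory SessionStore, the VulnerableApp and FixedApp classes, and the user name "victim" are all constructed here for illustration; a real application would keep the store in a database or cache.

```python
import secrets
import time


class SessionStore:
    """Constructed server-side session store: session id -> {user, expires}."""

    def __init__(self, ttl_seconds=3600):
        self._sessions = {}
        self.ttl = ttl_seconds

    def create(self, user):
        # Unpredictable id; a new id is issued on every login (rotation).
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": time.time() + self.ttl}
        return sid

    def resolve(self, sid):
        """Return the user bound to sid, or None if unknown or expired."""
        rec = self._sessions.get(sid)
        if rec is None or rec["expires"] < time.time():
            self._sessions.pop(sid, None)   # drop stale record if present
            return None
        return rec["user"]

    def revoke(self, sid):
        self._sessions.pop(sid, None)

    def revoke_all_for_user(self, user):
        """Invalidate every session of a user (e.g. on password change)."""
        for sid in [s for s, r in self._sessions.items() if r["user"] == user]:
            del self._sessions[sid]


class VulnerableApp:
    """Log-out only tells the browser to delete the cookie; the server
    record survives, so a copied cookie keeps working (the reported bug)."""

    def __init__(self):
        self.store = SessionStore()

    def login(self, user):
        return self.store.create(user)

    def logout(self, sid):
        # Equivalent of "Set-Cookie: session=; Max-Age=0" and nothing else.
        return ""

    def whoami(self, sid):
        return self.store.resolve(sid)


class FixedApp(VulnerableApp):
    """Log-out revokes the session on the server before clearing the cookie."""

    def logout(self, sid):
        self.store.revoke(sid)
        return ""


def replay_after_logout(app_cls):
    """Simulate the write-up: copy the cookie, log out, then replay the copy.
    Returns the user the replayed cookie resolves to (None = rejected)."""
    app = app_cls()
    sid = app.login("victim")      # victim logs in; browser A holds sid
    stolen = sid                   # same cookie imported into browser B
    app.logout(sid)                # victim logs out in browser A
    app.login("victim")            # victim logs in again (new session id)
    return app.whoami(stolen)      # attacker replays the old cookie


if __name__ == "__main__":
    print("vulnerable:", replay_after_logout(VulnerableApp))  # victim
    print("fixed:     ", replay_after_logout(FixedApp))       # None
```

The check that matters for a fix is the last line of replay_after_logout: after log-out, any previously issued session id must resolve to nothing, regardless of whether the user has since logged in again. Rotating the id on login and keeping a server-side expiry are the second and third layers; revocation on log-out is the one this report is about.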

Attack Scenario: If a malicious user obtains the victim’s cookies by exploiting any other vulnerability, they can log in to the victim’s account. As long as the victim’s session is active, the attacker can log in to the victim’s account by using the old cookies.

Impact: If a malicious user obtains the cookies by exploiting any other vulnerability, they can log in to the victim’s account, and logging out does not stop them.
