Session Hijacking on Spotify and Lifeinvader.com

Hi guys,
Something about Session Hijacking.

When an application does not set a new Session ID in the cookie after what appears to be an authentication attempt by the user, and that login was successful and the Session IDs are stored in cookies, then the application is affected by a Session Fixation vulnerability.

PoC

To reproduce this vulnerability:

1. Open Chrome and install the Edit This Cookie add-on.
2. Now open https://www.target.com and log in.
3. Now go to the Edit This Cookie add-on and click "Export all cookies". By clicking this, the cookies are copied to the clipboard.
4. Log out from your https://www.target.com account.
5. If needed, you can close and reopen your browser.
6. Now go to https://www.target.com again but don't log in; just go to the Edit This Cookie add-on, click "Import a cookie" and paste the data we previously exported.
7. After pasting, just refresh the page and that's it: you are now logged into your account without entering login details.

Attack scenario
Assume a shared workstation scenario. In a typical session fixation attack, an attacker would navigate to the vulnerable application from a browser on the shared workstation, get a session cookie assigned by the server without authenticating to the app, record that cookie and then leave the workstation. When the victim comes along, navigates to the same vulnerable application and authenticates to it, the session cookie assigned previously is sent along with that authentication request. The server does not update or change this cookie after authenticating the victim and assigns the same value back in the response. But since the attacker already has that value, he can use it on a different workstation and hijack the victim's account. Right? This is how a normal Session Fixation attack would work.
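The vulnerable server-side pattern from the PoC and the attack scenario above, beside the fix, as an added Python example (not code from this post or from either site named in the title): a pre-login session id that survives authentication and a logout that never destroys the server-side record, versus a fresh id issued at login and invalidated at logout. The in-memory store and the function names are assumptions made for illustration.

```python
import secrets

# Minimal in-memory session store, constructed for this example.
# Each session id maps to a record holding the authenticated user (None before login).
class SessionStore:
    def __init__(self):
        self.sessions = {}

    def new_session(self):
        """Pre-authentication session, as the server hands out to any visitor."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def whoami(self, sid):
        """Replay a cookie value, as the 'Import a cookie' step of the PoC does."""
        s = self.sessions.get(sid)
        return s["user"] if s else None

# Vulnerable pattern: the id fixed before login is kept after login, and logout
# only clears the cookie on the client, leaving the server-side record alive.
def vulnerable_login(store, sid, user):
    store.sessions.setdefault(sid, {"user": None})["user"] = user
    return sid            # same id the attacker already recorded

def vulnerable_logout(store, sid):
    return None           # server-side session is never destroyed

# Hardened pattern: regenerate the id on successful authentication, drop the
# pre-auth id, and destroy the record on the server at logout.
def hardened_login(store, sid, user):
    store.sessions.pop(sid, None)        # the pre-auth id becomes worthless
    new_sid = secrets.token_urlsafe(32)
    store.sessions[new_sid] = {"user": user}
    return new_sid

def hardened_logout(store, sid):
    store.sessions.pop(sid, None)
    return None

def demo(login, logout):
    """Replay the shared-workstation scenario and the PoC; return what each replayed cookie yields."""
    store = SessionStore()
    fixed = store.new_session()              # attacker obtains an id on the shared workstation
    issued = login(store, fixed, "victim")   # victim authenticates with that cookie present
    fixation = store.whoami(fixed)           # does the attacker's recorded id now act as the victim?
    logout(store, issued)                    # victim logs out
    replay = store.whoami(issued)            # PoC: re-import the exported cookie after logout
    return fixation, replay
```

`demo(vulnerable_login, vulnerable_logout)` returns `("victim", "victim")`, while `demo(hardened_login, hardened_logout)` returns `(None, None)`: with id regeneration and server-side invalidation, neither the fixed id nor the exported cookie is worth anything.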
