Saturday, 19 July 2025

Friday Fun Pentest Series - 30 - Session Fixation - bluditv3.16.2

Description

- It was noted that the application did not reissue a new session identifier upon login; the pre-login session ID remained valid after authentication, so the application was vulnerable to Session Fixation.


Session Fixation #1

Steps to Reproduce:
  1. Visit the login page. Log in with a valid user and observe that the session ID has not changed (the login response sets no new session cookie).

// HTTP POST request logging in

POST /bludit/admin/ HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
[...]
tokenCSRF=551bee4a6e6d065481ec1d29d9b37335475ae1d0&username=admin&password=password&save=


// HTTP response

HTTP/1.1 301 Moved Permanently
Date: Tue, 03 Jun 2025 20:34:36 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
[...]
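A check over the captured exchange, added here as an example and not part of the original post: given the session cookie value the browser held before logging in and the raw response to the login POST, it reports whether the server issued a fresh session ID. The cookie name (PHPSESSID) and both sample responses are constructed assumptions modelled on the capture above.

```python
"""Decide whether a login response rotated the session identifier.

A login that answers without a Set-Cookie for the session cookie, or that
re-sets the same value, leaves the pre-login ID valid: the session
fixation condition observed in the post.
"""
import re
from typing import List, Optional, Tuple


def parse_headers(raw_response: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response into lower-cased (name, value) header pairs."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def session_cookie_value(raw_response: str, cookie_name: str) -> Optional[str]:
    """Return the value the response assigns to cookie_name, or None if unset."""
    for name, value in parse_headers(raw_response):
        if name == "set-cookie":
            m = re.match(r"\s*([^=;]+)=([^;]*)", value)
            if m and m.group(1).strip() == cookie_name:
                return m.group(2)
    return None


def session_rotated(pre_login_id: str, login_response: str,
                    cookie_name: str = "PHPSESSID") -> bool:
    """True only if the login response sets a session ID different from the old one."""
    new_id = session_cookie_value(login_response, cookie_name)
    return new_id is not None and new_id != pre_login_id


# Constructed sample responses (the Location header and IDs are made up).
FIXATION_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Date: Tue, 03 Jun 2025 20:34:36 GMT\r\n"
    "Location: /bludit/admin/dashboard\r\n"
    "Content-Length: 0\r\n\r\n"
)
ROTATED_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Set-Cookie: PHPSESSID=c0ffee1234new; path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "Location: /bludit/admin/dashboard\r\n"
    "Content-Length: 0\r\n\r\n"
)
```

Run `session_rotated("e4b2old", FIXATION_RESPONSE)` against a capture to confirm the finding; the fix on the server side is to regenerate the session ID (e.g. PHP's session_regenerate_id(true)) immediately after successful authentication.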
