Commit 27c14a6

Update and rename BrokenAuthAnd Session Managment/Sessionbased (Easy P4bugs) to Broken Auth And Session Managment/Sessionbased (Easy P4bugs).md
1 parent 8341446 commit 27c14a6

1 file changed: 19 additions, 13 deletions

@@ -1,40 +1,46 @@
1+
# Session Based Bugs
2+
13
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
24

3-
1.Old Session Does Not Expire:
4-
Steps:
5+
### Old Session Does Not Expire:
6+
* Steps:
7+
```
58
1.create your account
69
2.open two browser eg.,chrome and firefox
710
3.Login in one browser eg.chrome
811
4.In other browser(firefox) login either change your password or reset your password
912
5.After successfully changed or reset go to other browser refresh the page if you are still logged in
10-
11-
Than this is an old session does not expire bug
13+
```
14+
Than this is an old session does not expire bug
1215

1316

14-
2.Session Hijacking(Intended Behavior)
15-
steps:
17+
### Session Hijacking(Intended Behavior)
18+
* Steps:
19+
```
1620
1.Create your account
1721
2.Login your account
1822
3.Use cookie editor extension in browser
1923
4.Copy all the target cookies
2024
5.Logout your account
2125
6.Paste that cookies in cookie editor extension
2226
7.Refresh page if you are logged in than this is a session hijacking
23-
24-
Impact:If attacker get cookies of victim it will leads to sessin hijacking
25-
27+
```
28+
`Impact:` If attacker get cookies of victim it will leads to sessin hijacking
2629

27-
3.Password reset link token does not expire(Insecure Configurability)
2830

29-
30-
Steps:
31+
### Password reset link token does not expire(Insecure Configurability)
32+
* Steps:
33+
```
3134
1.Create your account on target
3235
2.request a forget password link
3336
3.Don't use that link
3437
4.Instead logged in with your old password and change your email to other
3538
5.Now use that password link sents to old email and check if you are able to change your password if yes than there is the title bug.
36-
39+
```
3740
3841
Happy Hacking:)
3942

4043
Resources:Google,Youtube.
44+
45+
# Authors
46+
* [https://twitter.com/Virdoex_hunter](https://twitter.com/Virdoex_hunter)
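
Review bot: The "Session Hijacking(Intended Behavior)" section (new lines 17 to 28) never says what a positive result shows. The steps copy your own cookies, log out, paste them back and refresh, so staying logged in means the session is still accepted after logout. The `Impact:` line, however, only talks about an attacker obtaining a victim's cookies. Add one sentence after the steps stating the observed condition, and say why the heading calls it "Intended Behavior". The lines this commit re-adds also keep the old typos: "Than this is an old session does not expire bug" on new line 14 should start with "Then", and new line 28 still reads "it will leads to sessin hijacking". Fix them here, since both lines are being rewritten anyway. Wrapping the numbered steps in triple-backtick fences renders them as code. A Markdown ordered list (a space after each "1.") would read better. Only the second section has an `Impact:` line, so consider adding one to the other two sections for consistency.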
