June 12, 2026
Another (P4) Bug Report Got Accepted for (session) Vulnerability
A small oversight can lead you to good findings and vulnerabilities
Sanjeev Rathore
Hey there, Sanjeev this side. This is my second report that I submitted, and it got a P4. It was a really good experience finding this vulnerability.
Let's get back to the story behind the vulnerability I found.
Let's name the target target.com. I chose the target and used my usual methodology: doing recon, finding files, and then checking out the functionalities the site had. I created accounts to check the pre-login and post-login functionality.
Then I moved further into the authentication process. No doubt it was secured very well, with multi-level verification. When I was checking the functionalities, I realised that the system was verifying the user at every step with a token. It was a really well-secured target. I was like, what will I get here? But again, small things often remain untouched, and that's the place for new hunters to test.
I intercepted the login and user profile requests using Burp Suite. I did some things with those requests and then came up with a cookie that was used to keep the login session alive; it was what the server used to verify whether the user had logged in or not. I copied the cookie and made the request for logout. The system must remove all the cookies related to that account once you are logged out. But when I pasted that same cookie in the Application tab in inspect mode in incognito, that cookie got me logged in directly to the account. The vulnerability here is Session Not Properly Invalidated. If there is a way, like XSS or any other way, through which the cookie can be extracted, then by chaining it with this, it will lead to Account Takeover.
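To make the root cause concrete, here is an added example (my own illustration, not code from the target or from the original post) of a minimal server-side session store. The `SessionStore` class, the user names, and the `replay_after_logout` check are all assumed for the demonstration. It shows the difference between a logout that only tells the browser to drop the cookie (the behaviour observed above, where the server-side record survives and a copied cookie still works) and a logout that destroys the server-side record first. It also shows the cookie attributes that limit what an XSS or cross-site page can do with the cookie, and a "logout everywhere" helper for revoking all of a user's sessions.

```python
"""Added example: a minimal server-side session store showing why logout must
invalidate the session record, not just tell the browser to drop the cookie.
Names (SessionStore, alice, bob, ...) are illustrative, not from the real target."""
import secrets
import time


class SessionStore:
    """Maps opaque session ids (the cookie value) to the logged-in user.

    Assumption: the server keeps session state itself; the cookie is only a
    random lookup key, so nothing about the user can be derived from it.
    """

    def __init__(self, ttl_seconds=3600):
        self._sessions = {}  # sid -> {"user": str, "expires": float}
        self._ttl = ttl_seconds

    def login(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._sessions[sid] = {"user": user, "expires": now + self._ttl}
        return sid

    def user_for(self, sid, now=None):
        """Resolve a cookie value to a user, or None if unknown or expired."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if rec["expires"] <= now:
            del self._sessions[sid]  # lazy cleanup of expired sessions
            return None
        return rec["user"]

    # --- the bug from the write-up -------------------------------------
    def logout_vulnerable(self, sid):
        """Only asks the browser to forget the cookie. The server-side record
        survives, so anyone holding a copy of the cookie is still logged in."""
        return clear_cookie_header()

    # --- the fix -------------------------------------------------------
    def logout(self, sid):
        """Destroy the server-side record first, then clear the cookie."""
        self._sessions.pop(sid, None)
        return clear_cookie_header()

    def logout_everywhere(self, user):
        """Invalidate every session of a user (e.g. after a password change).
        Returns how many sessions were revoked."""
        doomed = [s for s, r in self._sessions.items() if r["user"] == user]
        for s in doomed:
            del self._sessions[s]
        return len(doomed)


def clear_cookie_header():
    """Set-Cookie value that expires the session cookie in the browser."""
    return "session=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Lax"


def session_cookie_header(sid):
    """Cookie attributes that limit what a script (XSS) or cross-site page can
    do with the cookie: HttpOnly keeps it out of document.cookie, Secure keeps
    it off plaintext HTTP, SameSite=Lax blocks most cross-site sends."""
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def replay_after_logout(store, use_fix):
    """Reproduce the check from the write-up: log in, log out, then replay the
    old cookie value. Returns the user the server still resolves it to
    (None means the session was correctly invalidated)."""
    sid = store.login("alice")
    assert store.user_for(sid) == "alice"
    if use_fix:
        store.logout(sid)
    else:
        store.logout_vulnerable(sid)
    return store.user_for(sid)


if __name__ == "__main__":
    print("vulnerable logout, replayed cookie resolves to:",
          replay_after_logout(SessionStore(), use_fix=False))
    print("fixed logout, replayed cookie resolves to:",
          replay_after_logout(SessionStore(), use_fix=True))
```

Running the block prints `alice` for the vulnerable logout and `None` for the fixed one. The same replay check is a good regression test to keep in an application's test suite: log in, log out, replay the old cookie, and assert the server no longer recognises it.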
I submitted the report and it got accepted. It was fun finding a bug where a small action led to a result.
Thank you for reading. Happy to connect on LinkedIn.