
Broken Authentication or Session Management

Password reset link does not expire

  1. You create an account on example.com and register the e-mail address a@email.com.

  2. Your e-mail account gets hacked.

  3. The hacker figures out that you have a user on example.com and clicks the reset-password link, but does not use it yet.

  4. The hacked person figures out that he is hacked and therefore goes to example.com to change his password.

  5. The hacker now clicks on the link and manages to reset the password.

The problem here is that the first reset link should be invalidated once the second one is sent.
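The fix described above, written out as a small reset-token service. This is an added example, not code from the original page: the `PasswordResetService` class, the 15-minute lifetime and the `replay_scenario` walk-through are assumptions made for illustration. Each user has at most one live token, only a hash of it is stored, and issuing a new link silently replaces the previous one, so the link sitting in the compromised mailbox stops working the moment the victim requests a fresh one. Tokens are also single-use and expire on their own.

```python
import hashlib
import hmac
import secrets
import time

# Assumed lifetime of a reset link; the page does not specify one.
RESET_TOKEN_TTL = 15 * 60  # seconds


class PasswordResetService:
    """Keeps at most one live reset token per user (hypothetical helper).

    Only a SHA-256 digest of the token is stored, so a leaked table does
    not leak usable links. Issuing a new token replaces the old one, which
    is the behaviour the text asks for: the first link dies when the
    second is sent.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._active = {}  # user_id -> (sha256(token), expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).digest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)
        self._active[user_id] = (self._digest(token), self._clock() + RESET_TOKEN_TTL)
        return token  # goes into the e-mailed link, never stored in clear

    def redeem(self, user_id, token):
        record = self._active.get(user_id)
        if record is None:
            return False
        stored_digest, expires_at = record
        if self._clock() > expires_at:
            del self._active[user_id]
            return False
        # constant-time comparison of the digests
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False
        del self._active[user_id]  # single use: a redeemed token cannot be replayed
        return True


def replay_scenario():
    """Walks through steps 3-5 of the text against the hardened service."""
    svc = PasswordResetService()
    # step 3: a link is requested from the hacked mailbox but not used yet
    attacker_link = svc.issue("victim")
    # step 4: the victim requests a fresh link, which replaces the first one
    victim_link = svc.issue("victim")
    results = {}
    # step 5: the stale link is rejected, even though it was never used
    results["attacker_stale_link"] = svc.redeem("victim", attacker_link)
    # the victim resets the password with the new link
    results["victim_new_link"] = svc.redeem("victim", victim_link)
    # a redeemed link cannot be used a second time
    results["victim_link_reuse"] = svc.redeem("victim", victim_link)
    return results


def expiry_scenario():
    """Shows the time-based defence: an unused link dies after RESET_TOKEN_TTL."""
    now = [1_000_000.0]  # constructed, controllable clock
    svc = PasswordResetService(clock=lambda: now[0])
    link = svc.issue("victim")
    now[0] += RESET_TOKEN_TTL + 1
    return svc.redeem("victim", link)


if __name__ == "__main__":
    print(replay_scenario())
    print("expired link accepted:", expiry_scenario())
```

When testing a real application, the same three properties are what to check: does an older link still work after a newer one was sent, does a link work twice, and does it work after a reasonable delay.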

Relevant bug bounty reports

https://hackerone.com/reports/23579
https://hackerone.com/reports/39203
https://hackerone.com/reports/23921

Cookie does not expire

An easy way to test this is by using Burp Suite.

  1. Open Burp Suite.

  2. Log in to the website you want to test.

  3. Intercept a request; any one that requires you to be logged in will do.

  4. Right-click on the request in Burp Suite and click on "Send to Repeater". You have now saved that request, including the current cookie, for later.

  5. Log out from the website.

  6. Go to the Repeater tab in Burp and click on "Go".

  7. Verify that you are redirected to the login page. If the saved request still returns the logged-in page, the session cookie was not invalidated on the server.
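What the Repeater replay is actually probing is whether logout only clears the cookie in the browser or also destroys the session on the server. The following added example (not code from the original page; the `SessionStore` class, the `/login` redirect and the one-hour lifetime are assumptions) models both behaviours and replays a saved request after logout exactly as steps 2 to 7 do.

```python
import secrets
import time

# Assumed idle lifetime of a server-side session; the page does not specify one.
SESSION_TTL = 60 * 60  # seconds


class SessionStore:
    """Server-side session table (hypothetical helper): cookie value -> user."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session id -> (user, expires_at)

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._clock() + SESSION_TTL)
        return sid

    def user_for(self, sid):
        record = self._sessions.get(sid)
        if record is None:
            return None
        user, expires_at = record
        if self._clock() > expires_at:
            del self._sessions[sid]
            return None
        return user

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def session_id_from_cookie(cookie_header):
    """Extracts the 'session' cookie from a Cookie header value, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return value or None
    return None


def handle_profile(store, cookie_header):
    """The saved request: 200 with the user if the cookie is live, otherwise a redirect."""
    user = store.user_for(session_id_from_cookie(cookie_header))
    if user is None:
        return ("302 Found", "Location: /login")
    return ("200 OK", f"profile of {user}")


def logout_vulnerable(store, sid):
    # Only tells the browser to drop the cookie; the server still honours the old value,
    # so anyone holding a copy of the cookie stays logged in.
    return "Set-Cookie: session=; Max-Age=0"


def logout_hardened(store, sid):
    # Invalidates the session server-side first, then clears the client cookie.
    store.destroy(sid)
    return "Set-Cookie: session=; Max-Age=0"


def replay_after_logout(logout):
    """Steps 2-7 of the text: log in, save a request, log out, replay the saved request."""
    store = SessionStore()
    sid = store.create("alice")                    # step 2: login
    saved_request = f"session={sid}"               # step 4: request kept in Repeater, cookie included
    logout(store, sid)                             # step 5: logout
    status, _body = handle_profile(store, saved_request)  # step 6: click "Go"
    return status                                  # step 7: expect a redirect to login


if __name__ == "__main__":
    print("vulnerable logout, replay gives:", replay_after_logout(logout_vulnerable))
    print("hardened logout,   replay gives:", replay_after_logout(logout_hardened))
```

The difference between the two logout handlers is one line: the server-side `destroy`. A `Set-Cookie` header that expires the cookie is advice to the browser, not an invalidation, and Repeater ignores that advice because it resends the original cookie value verbatim.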

Relevant reports on hackerone

https://hackerone.com/reports/18503


Last updated 2 years ago