Archives
-
Guess Cookie, Hijack Session!
In addition to my previous article – Old Cookies Die Hard, and detailed disclosure of LinkedIn Vulnerability, I studied the cookie patterns from different websites. Many of these websites have complex patterns in the cookies which are long enough (> 100 characters) and complex (A-Z, a-z, 0-9 and symbols). In ideal case (Web Session Management [...]
Mar 23rd, 2013 | Filed under HackingTags: acces code, application, cookie, design flaw, disclosure, hack, login, owasp, pentest, research, security, session management, vulnerability, web, webserver -
Old Cookies Die Hard
HTTP Cookies have always been an important part of authentication, and session management. But, ever since the session management grew complex, its correlation with security has gone for a toss. Developers pay a lot of attention on keeping the session(s) valid, and more so valid even after a successful logout. Now, this accounts to a [...]
Mar 19th, 2013 | Filed under HackingTags: application, browser, cookie, facebook, google, linkedin, outlook, owasp, session management, twitter, vulnerability, web, webserver, yahoo -
LinkedIn Cookie Vuln.
Rishi Narang, a security researcher and consultant, has discovered multiple vulnerabilities in LinkedIn (www.linkedin.com) which can enable an attacker to modify an account “without password”. Read information of this session management nightmare at www.wtfuzz.com or contact him at twitter (@rnarang) for further details.
Tags: cookie, exploit, GST, hack, leo_auth_token, LIM, linkedin, narang, network, networking, POC, professional, research, rishi, rishi.narang, rishinarang, rnarang, security, session, ssl, twitter, vulnerability