Archives
Guess Cookie, Hijack Session!
In addition to my previous article, Old Cookies Die Hard, and the detailed disclosure of the LinkedIn vulnerability, I studied the cookie patterns from different websites. Many of these websites have complex patterns in their cookies, which are long enough (> 100 characters) and complex (A-Z, a-z, 0-9 and symbols). In the ideal case (Web Session Management [...]
Mar 23rd, 2013 | Filed under Hacking | Tags: acces code, application, cookie, design flaw, disclosure, hack, login, owasp, pentest, research, security, session management, vulnerability, web, webserver
LinkedIn Cookie Vuln.
Rishi Narang, a security researcher and consultant, has discovered multiple vulnerabilities in LinkedIn (www.linkedin.com) which can enable an attacker to modify an account “without password”. Read about this session management nightmare at www.wtfuzz.com or contact him on Twitter (@rnarang) for further details.
Tags: cookie, exploit, GST, hack, leo_auth_token, LIM, linkedin, narang, network, networking, POC, professional, research, rishi, rishi.narang, rishinarang, rnarang, security, session, ssl, twitter, vulnerability