View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007099||Kali Linux||[All Projects] Feature Requests||public||2021-03-15 10:40||2021-03-15 10:40|
|Target Version||Fixed in Version|
|Summary||0007099: SESSION HIJACKING.|
|Description||VULNERABILITY NAME: SESSION HIJACKING.|
VULNERABILITY URL: https://bugs.kali.org/
In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.
|Steps To Reproduce|
STEPS TO REPRODUCE:
1) Log in to your account
2) Copy your cookies
4) Clear browser cookies
5) Paste the cookies (copied in step 2)
6) Refresh the page
7) Now you will be logged into the account
|Additional Information||The Patch:|
Cookies should expire after the logout and previous cookies should not be used for logging into the account; they should expire!
The malicious attacker can enter the server and access its information without having to hack a registered account. In addition, he can also make modifications on the server to help him hack it in the future or to simplify a data-stealing operation.
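
The fix requested in this report, seen from the server side, as an added example that is not part of the original report or of the tracker's own code: a logout that only expires the browser cookie is compared with one that also deletes the server-side session record, and the saved-cookie check from the steps above is run against both. The `SessionStore` class, the cookie name `session`, the in-memory dictionary and the user `alice` are assumptions made for illustration.

```python
import secrets
import time

COOKIE_CLEAR = {"Set-Cookie": "session=; Max-Age=0; Path=/; HttpOnly; Secure"}

class SessionStore:
    """Minimal in-memory server-side session store (hypothetical)."""
    def __init__(self, idle_timeout=1800):
        self._sessions = {}               # session id -> (user, last_seen)
        self.idle_timeout = idle_timeout  # seconds of inactivity allowed

    def login(self, user, now=None):
        sid = secrets.token_urlsafe(32)   # fresh, unguessable id per login
        self._sessions[sid] = (user, time.time() if now is None else now)
        return sid

    def authenticate(self, sid, now=None):
        """Return the user for a presented cookie value, or None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None or now - entry[1] > self.idle_timeout:
            self._sessions.pop(sid, None)  # unknown or idle too long
            return None
        self._sessions[sid] = (entry[0], now)
        return entry[0]

    def logout_weak(self, sid):
        """Weak: asks the browser to drop the cookie; server record stays."""
        return COOKIE_CLEAR

    def logout(self, sid):
        """Hardened: delete the server-side record, then expire the cookie."""
        self._sessions.pop(sid, None)
        return COOKIE_CLEAR

def replay_after_logout(logout_method):
    """Regression check: present a saved cookie value again after logout."""
    store = SessionStore()
    sid = store.login("alice")            # constructed sample user
    saved_cookie = sid                    # copy the client kept
    getattr(store, logout_method)(sid)
    return store.authenticate(saved_cookie)
```

With the weak logout the saved value still resolves to the user; with the hardened logout it resolves to nothing, which is the behaviour a regression test for this issue should assert.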