Hello there, tech enthusiasts, innovators, and curious minds!
So the story starts here. I was looking for a university where I could continue my post-graduation. Fortunately, I found I visited their website to apply. Thereafter, I submitted one application for myself and another for my friend. When I was downloading my transaction receipt, it would redirect me to my friend’s receipt tab without any authentication. What? Yes, haha.
I understood there was something wrong with session management.
I hit my Burp Suite and intercepted both accounts’ requests. I captured them. We were getting the same Session ID. Now you know what I'm gonna do. Yes, haha. I thought to validate this issue safely so that I could report it legally.
Thereafter, I closed his tab, logged into my account, and made the request to get a receipt from the website. I intercepted the request. Obviously, I would get nothing. I hadn't applied so far.
Then, I replaced the cookie value with my friend’s. Let me tell you once again, I play ethically, but attackers can grab this cookie value of students as well. There are a lot of ways. Now I turned off the intercept, and guess what? I broke into my friend’s account.
Relax guys, I reported it to the university. Hopefully, they will fix it.
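For defenders, the two server-side controls that would stop the behaviour described above, shown as an added example that is not part of the original post or the university's code: a fresh random session ID on every login, and a receipt lookup that checks ownership against the session's user. The class, function names, users and receipt IDs are hypothetical and the sample data is constructed.

```python
import secrets


class SessionStore:
    """Server-side session table: session ID -> user ID (hypothetical design)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user_id, old_sid=None):
        # Invalidate whatever ID the browser already held, so a second login
        # in the same browser can never inherit or share the first session.
        self._sessions.pop(old_sid, None)
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = user_id
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)


# Constructed sample data: receipt ID -> owning user.
RECEIPTS = {"r-1001": "alice", "r-1002": "bob"}


def get_receipt(store, sid, receipt_id):
    """Return (status, body); a receipt is served only to its owner's session."""
    user = store.user_for(sid)
    if user is None:
        return 401, "login required"
    if RECEIPTS.get(receipt_id) != user:
        # Same answer for "missing" and "not yours", so IDs cannot be probed.
        return 404, "not found"
    return 200, f"receipt {receipt_id} for {user}"


def shared_session_ids(observed):
    """Regression check: from (user, sid) pairs seen at login,
    return every session ID that was issued to more than one user."""
    owners = {}
    for user, sid in observed:
        owners.setdefault(sid, set()).add(user)
    return {sid for sid, users in owners.items() if len(users) > 1}
```

Running `shared_session_ids` over login records in an integration test flags the condition from the post (two accounts holding the same ID) before it reaches production.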
Thank you for reading. Take care.