How I Hacked An Account [Unplanned]
2023-9-18 11:39:39 Author: infosecwriteups.com(查看原文) 阅读量:12 收藏

Md. Shamim

InfoSec Write-ups

Hello there, tech enthusiasts, innovators, and curious minds!

So the story starts from here, I was looking for a university where I could continue my post-graduation, Fortunately, I found I visited their website to apply. Thereafter, I applied for myself and another application for my friend. When I was downloading my transaction receipt. It would redirect me to my friend’s receipt tab without any authentication. What? Yes haha

I understood, there was something wrong with session management.

I hit my burpsuite and intercepted both accounts’ requests. I captured it, We were getting the same Session ID. Now you know what I'm gonna do. yes haha. I thought to validate this issue safely so that I could report it legally.

Friend’s account request

Thereafter, I closed his tab. And logged into my account and I made the request to get a receipt from the website. And intercepted the request Obviously, I would get nothing. I didn't apply so far.

Mine account request

Then, I replaced the cookie value with friend’s . Let me tell you once again, I play ethically, but attackers can grab this cookie value of students as well. There are a lot of ways. Now I turned off the intercept, and guess what? I broke into my friend’s account.

Relax guys, I reported to the university, Hopefully, they will fix it.

Thank you for reading, Take care


文章来源: https://infosecwriteups.com/how-i-hacked-an-account-unplanned-86e1e2a8b2ac?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh