OWASP / QRLJacking

QRLJacking, or Quick Response Code Login Jacking, is a simple-but-nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log into accounts; its aim is to let attackers hijack users' sessions.
GNU General Public License v3.0

Session storage issue #144

Closed GhaziJi closed 3 years ago

GhaziJi commented 3 years ago

QR Jacker is not storing sessions properly.

Description: If you scan multiple devices with the same server link, it will store the last scanned device in the same session. For example, if I scan devices A, B, and C, then ideally it shall store them in sessions 1, 2, and 3 respectively. However, what is happening here is that it stores device A's session as session 1, then stores device B's session as session 1 and removes device A's session, and so on.

melbadry9 commented 3 years ago

This is a known issue: #128.