Vulnerability (Broken Authentication and Session Management)
Description

Risk Rating: Severe
Complexity of Attack: Average

Impact
Such flaws may allow some or even all accounts to be attacked. Once successful,
the attacker can do anything the victim could do. Privileged accounts are
frequently targeted.
1.1 How the test was performed
4. Now select that session ID and click Edit. In the content field, replace the
session ID with the one copied from machine-1 and click Save, as shown
below:
5. The session ID has now been fixed in machine-2. Without logging in, request
the internal URL “https://www.boozt.com/eu/en/customer”: the authenticated
page is returned, as shown below:
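The steps above show a copied session cookie being accepted from a second machine. The following is an added example, written for this page and not taken from the report or from Boozt, of the two server-side controls that close that gap and of a log check that surfaces it: a session store that issues a fresh ID at login and binds each ID to the client it was issued to, and a review of access-log lines that flags a session ID presented by more than one distinct client. The `SessionStore` class, `find_shared_sessions` function, the log line format and the sample log lines are all constructed for this example; the client attributes used for the binding (source IP plus User-Agent) are an assumption, and a real deployment would pick attributes that fit its users (binding to a full IP breaks mobile clients behind changing NATs).

```python
"""Added example (not from the original report): preventing and detecting
replay of a copied session cookie.

  SessionStore         - server-side session table; regenerates the ID on
                         login and binds each ID to the issuing client.
  find_shared_sessions - log review that returns every session ID seen
                         from more than one (ip, user_agent) pair.

All names, the log format and the sample lines are constructed for this
example; none of it is Boozt's code.
"""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict


class SessionStore:
    def __init__(self):
        # session_id -> {"user": str | None, "fp": client fingerprint}
        self._sessions = {}

    @staticmethod
    def fingerprint(client_ip, user_agent):
        # Attributes the session is bound to (assumption: IP + User-Agent).
        return hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()

    def create(self, client_ip, user_agent, user=None):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user,
                               "fp": self.fingerprint(client_ip, user_agent)}
        return sid

    def login(self, old_sid, user, client_ip, user_agent):
        # Issue a new ID on the privilege change so a pre-login ID that an
        # attacker already holds never becomes an authenticated one.
        self._sessions.pop(old_sid, None)
        return self.create(client_ip, user_agent, user=user)

    def resolve(self, sid, client_ip, user_agent):
        """Return the logged-in user for sid, or None when the cookie is
        unknown, unauthenticated, or presented from a client other than the
        one it was issued to (in which case the session is revoked)."""
        rec = self._sessions.get(sid)
        if rec is None or rec["user"] is None:
            return None
        presented = self.fingerprint(client_ip, user_agent)
        if not hmac.compare_digest(rec["fp"], presented):
            del self._sessions[sid]  # treat the mismatch as a hijack
            return None
        return rec["user"]


# Constructed access-log lines; format assumed: <ip> "<user-agent>" sid=<id> <path>
SAMPLE_LOG = """\
198.51.100.10 "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0" sid=abc123 /eu/en/customer
198.51.100.10 "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0" sid=abc123 /eu/en/orders
203.0.113.7 "Mozilla/5.0 (X11; Linux x86_64) Chrome/118.0" sid=abc123 /eu/en/customer
192.0.2.44 "Mozilla/5.0 (Macintosh) Safari/17.0" sid=def456 /eu/en/customer
"""

LINE_RE = re.compile(r'^(\S+) "([^"]*)" sid=(\S+) (\S+)$')


def find_shared_sessions(log_text):
    """Map each session ID seen from more than one distinct (ip, user_agent)
    pair to the sorted list of those pairs. One ID used by two different
    clients is what a replayed cookie looks like in the access log."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        ip, ua, sid, _path = m.groups()
        clients[sid].add((ip, ua))
    return {sid: sorted(c) for sid, c in clients.items() if len(c) > 1}


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create("198.51.100.10", "UA-A")
    sid = store.login(pre_login, "alice", "198.51.100.10", "UA-A")
    print("same client:", store.resolve(sid, "198.51.100.10", "UA-A"))
    print("other machine:", store.resolve(sid, "203.0.113.7", "UA-B"))
    for shared_sid, pairs in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {shared_sid} used by {len(pairs)} distinct clients")
```

The binding check is a mitigation, not a full fix: a replay from a machine that reproduces the same IP and User-Agent still passes, so the log review and ID regeneration at login remain necessary alongside it.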