Hi my dear friends ,Mr. Horbio This site.
After long time , I am here with another interesting bug Bounty article. Today I will Telling about How to Bypass Login panel using SessionID. There are lot of ways to Bypass Login Panel But in this article i will give you and one of the best technique if that bug will exist your target. But still it is interesting for you.
First of all we Understand the basics :
Session: A session is used to save information on the server momentarily so that it may be utilized across various pages of the website. It is the overall amount of time spent on an activity. The user session begins when the user logs in to a specific network application and ends when the user logs out of the program or shuts down the machine.
SessionID : A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session. A session is a finite period of interaction between a web client and server.
Session Fixation:
Session fixation is a web-based attack technique where an attacker tricks the user into opening a URL with a predefined session identifier. Session fixation attacks can allow the attacker to take over a victim’s session to steal confidential data, transfer funds, or completely take over a user account.
I think You understand all over things.
That was the basics of this attack and Yaa the attack is Session Fixation.
You can find this Vulnerability easily. First of all you need to get all login pages of your target system.
Find login panels using google dorks :
site:<target.com> inurl:loginAfter getting all login pages you try to find this bug on the login pages.
For finding and exploiting this bug you need watch this video on my channel. Link below go and learn :
POC : https://youtu.be/DknJ1Z0J-HU
I hope you learn very well don’t forget to subscribe this channel and follw on the medium.
we’ll meet in next article with interesting thing.
Byy byy byy
