Vulnerability Assessment Penetration Test Report for Cookies (Category Web Exploitation - picoCTF)

Title: IDOR in Cookies section

Description of the Vulnerability: This website has an IDOR vulnerability in the cookies section.

Summary: In the picoCTF Cookies challenge, we were able to access the flag by changing the value of the cookie.

The technical investigation finished at 8:40 UTC, concluding that there was no malicious intent or indicators of exploitation.


Steps to reproduce: 

1. Click on the link to the COOKIES website.
2. Type the name of any cookie (e.g. snickerdoodle).
3. Inspect the page and go to the Cookies section under Application.
4. Change the value from 0 to 18 in the Value column.
5. The picoCTF flag is displayed on the page.


Impact:   

1. The flag was obtained directly by changing the value in the cookie section.


Mitigation: 

1. Do not store important information/details on the client-side.
2. Don't trust user inputs.
3. Store cookies in an encrypted format.
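
The mitigations above, as an added example that is not part of the original report or the challenge's code: the server stops trusting a bare numeric cookie value and accepts it only when it carries a valid server-side HMAC. It uses a signature (integrity) rather than encryption, and all function names and the `<index>.<tag>` cookie layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that is never sent to the client.
SECRET_KEY = secrets.token_bytes(32)


def _mac(value: str) -> str:
    """HMAC-SHA256 tag over the cookie value, hex encoded."""
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def issue_cookie(index: int) -> str:
    """Cookie value the server sets: '<index>.<tag>'."""
    value = str(index)
    return f"{value}.{_mac(value)}"


def read_cookie_unsafe(cookie: str) -> int:
    """Pattern behind the finding: use whatever index the client sends."""
    return int(cookie.split(".", 1)[0])


def read_cookie_verified(cookie: str):
    """Return the index only if the tag matches; None if tampered or malformed."""
    value, sep, tag = cookie.partition(".")
    if not sep or not (value.isascii() and value.isdigit()):
        return None
    # Constant-time comparison of the expected and supplied tags.
    if not hmac.compare_digest(_mac(value).encode(), tag.encode()):
        return None
    return int(value)


def tamper(cookie: str, new_index: int) -> str:
    """Constructed test input: the value edit from step 4, old tag left in place."""
    _, _, tag = cookie.partition(".")
    return f"{new_index}.{tag}"


if __name__ == "__main__":
    original = issue_cookie(0)
    edited = tamper(original, 18)
    print("unsafe reader, edited cookie:   ", read_cookie_unsafe(edited))
    print("verified reader, original cookie:", read_cookie_verified(original))
    print("verified reader, edited cookie:  ", read_cookie_verified(edited))
```

Signing only proves the server issued the value; whether the current user may see the object behind that index still has to be checked on the server.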


POC (Proof of concept): 





FLAG: picoCTF{3v3ry1_l0v3s_c00k135_bb3b3535}
