This is a PoC on cookie manipulation. Here is some information about it.
HTTP is a stateless protocol. In 1994, Netscape invented a mechanism called a "cookie" as a method for session tracking. A cookie is a small piece of information usually created by the Web server and stored in the Web browser. Each time the user contacts the Web server, this data is passed back to the server. The cookie contains information used by Web applications to persist and pass variables back and forth between the browser and the Web application.
There are two types of client-side cookies:
- Persistent cookies: stored in a file on the client until an expiry date.
- Session cookies: kept in the memory of the client until the session is ended.
As a result of the cookie structure and its usage, all data stored in a client-side cookie can be easily read and manipulated. The risk of tampering with data, and even information disclosure, is very high. Many cookies are merely Base64 encoded, which is an encoding and not encryption, so it offers no cryptographic protection. The best practice to avoid cookie manipulation is to treat any data stored in cookies as untrusted input.
But in this issue the redirect value was being sent in the cookies, so I just started to look into it, and by changing its value to other URLs it worked like a charm :). As they had a Flex Bounty Program at Bugcrowd, this issue got accepted and I received a bounty of $100.
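The redirect target in this report lived in a Base64-encoded cookie that the client fully controls. As an added example (not code from the original post or the affected site), here is a server-side check that accepts only a same-origin path from such a cookie and falls back to a default otherwise; the function names and the sample cookie values are constructed for illustration.

```python
import base64
import binascii
from typing import Optional
from urllib.parse import urlsplit, urlunsplit


def encode_cookie(target: str) -> str:
    """Encode a redirect target the way the post describes: plain Base64."""
    return base64.b64encode(target.encode("utf-8")).decode("ascii")


def decode_cookie(value: str) -> Optional[str]:
    """Decode a Base64 cookie value; None if it is not valid Base64/UTF-8."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def safe_redirect_target(cookie_value: str, default: str = "/") -> str:
    """Return a same-origin path taken from the cookie, or `default`.

    The cookie is client-controlled, so the value is treated as untrusted
    input: anything that is not an absolute path on this origin is dropped.
    """
    target = decode_cookie(cookie_value)
    if target is None:
        return default
    # Browsers strip tab/newline inside URLs and treat "\" like "/", so
    # "//host" can be hidden behind them; reject controls, normalise "\".
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    target = target.replace("\\", "/")
    # Two or more leading slashes is a scheme-relative URL ("//host/..."),
    # which the browser resolves to another origin.
    if target.startswith("//"):
        return default
    parts = urlsplit(target)
    # Any scheme ("https:", "javascript:") or host means off-origin.
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith("/"):
        return default
    # Rebuild from the parsed pieces so only path, query and fragment survive.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```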
I hope that you will like it and learn something new from it :) so comment if you like this one.
This is a very new thing I have seen ...
Good one bro.