ctrl+c & ctrl+v to Steal SESSIONID

Severity: Medium

Complexity: Medium

Weakness: Missing Click-jacking Header

  • During 2–3 days of directory brute-forcing, I came across the following endpoint.

https://site.com/ping/loggedIn

  • Response:

{
  "type": "Ping",
  "loggedIn": true,
  "username": "arbazkiraak007",
  "sessionId": "54CA86A999CB2DE0CD87F1EB37289261-n3",
  "instanceId": "i-3c2662af"
}

  • The response body contains the value of the session cookie, i.e. the SESSIONID.
  • Their application had good protection against click-jacking vectors on each and every endpoint, but they missed adding the X-Frame-Options header to this one.
  • I created a simple demonstration of stealing the SESSIONID through a copy-and-paste game.
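As an added example, not the author's code or a tool from the write-up, the Python below shows the defender's side of exactly this weakness: an audit that flags a response which can be framed (no X-Frame-Options and no CSP frame-ancestors directive) and which echoes a session identifier in its JSON body, plus a WSGI middleware that sets the anti-framing headers on every response, so a single forgotten endpoint cannot slip through. The path /ping/loggedIn is taken from the write-up; the `ping_app` stand-in, the username, the session value and the instance id are constructed placeholders.

```python
"""Defensive checks for the weakness in the write-up (a frameable endpoint that echoes
the session id in its JSON body). Added example; all sample data is constructed."""
import json
import re
from typing import Callable, List, Tuple

Headers = List[Tuple[str, str]]
# Field names (lower-cased, '_' and '-' removed) that usually carry a session id.
_SESSION_FIELD_NAMES = {"sessionid", "jsessionid", "sessiontoken", "sid"}

def is_frameable(headers: Headers) -> bool:
    """True when neither X-Frame-Options (DENY/SAMEORIGIN; ALLOW-FROM is obsolete)
    nor a CSP frame-ancestors directive that excludes '*' stops framing."""
    for name, value in headers:
        lname, lvalue = name.lower(), value.strip().lower()
        if lname == "x-frame-options" and lvalue in ("deny", "sameorigin"):
            return False
        if lname == "content-security-policy":
            match = re.search(r"frame-ancestors\s+([^;]+)", lvalue)
            if match and "*" not in match.group(1).split():
                return False
    return True

def leaked_session_fields(body: str) -> List[str]:
    """Dotted paths of JSON fields whose name looks like a session identifier."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    found: List[str] = []
    def walk(node, path: str) -> None:
        if isinstance(node, dict):
            for key, val in node.items():
                if key.lower().replace("_", "").replace("-", "") in _SESSION_FIELD_NAMES:
                    found.append(path + key)
                walk(val, path + key + ".")
        elif isinstance(node, list):
            for i, val in enumerate(node):
                walk(val, f"{path}{i}.")
    walk(data, "")
    return found

def audit_response(headers: Headers, body: str) -> List[str]:
    """Run both checks; an empty list means nothing was flagged."""
    findings = []
    if is_frameable(headers):
        findings.append("frameable: no X-Frame-Options or CSP frame-ancestors")
    for field in leaked_session_fields(body):
        findings.append(f"session identifier exposed in body field '{field}'")
    return findings

class AntiFramingMiddleware:
    """WSGI wrapper adding anti-framing headers to every response: one control at this
    layer fixes the 'protected everywhere except one URL' pattern from the write-up."""
    def __init__(self, app: Callable, xfo: str = "DENY", ancestors: str = "'none'"):
        self.app, self.xfo, self.ancestors = app, xfo, ancestors

    def __call__(self, environ, start_response):
        def _start(status, headers, exc_info=None):
            headers = list(headers)  # never mutate the app's own list
            names = {n.lower() for n, _ in headers}
            directive = f"frame-ancestors {self.ancestors}"
            if "x-frame-options" not in names:
                headers.append(("X-Frame-Options", self.xfo))
            if "content-security-policy" not in names:
                headers.append(("Content-Security-Policy", directive))
            else:  # keep the app's own policy but make sure it restricts framing
                headers = [(n, v if n.lower() != "content-security-policy"
                            or "frame-ancestors" in v.lower()
                            else f"{v.rstrip('; ')}; {directive}") for n, v in headers]
            return start_response(status, headers, exc_info)
        return self.app(environ, _start)

# Constructed response shaped like the write-up's; username and session value are placeholders.
SAMPLE_BODY = json.dumps({"type": "Ping", "loggedIn": True, "username": "example-user",
                          "sessionId": "SESSION-ID-PLACEHOLDER", "instanceId": "i-00000000"})

def ping_app(environ, start_response):
    """Constructed stand-in for /ping/loggedIn: JSON body, no anti-framing header at all."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [SAMPLE_BODY.encode()]

def call_wsgi(app: Callable, path: str) -> Tuple[Headers, str]:
    """Drive a WSGI app with a minimal environ; return its headers and decoded body."""
    captured: List[Headers] = []
    def start(status, headers, exc_info=None):
        captured.append(list(headers))
    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start))
    return captured[0], body.decode()

def demo() -> Tuple[List[str], List[str]]:
    """Audit the bare endpoint, then the same endpoint behind the middleware."""
    raw = call_wsgi(ping_app, "/ping/loggedIn")
    fixed = call_wsgi(AntiFramingMiddleware(ping_app), "/ping/loggedIn")
    return audit_response(*raw), audit_response(*fixed)

if __name__ == "__main__":
    print(demo())  # the body finding stays after the header fix: stop returning sessionId
```

Running the audit before and after wrapping the endpoint makes the two halves of the issue visible: the middleware closes the framing vector for every response, but the second finding remains, because the body still carries the session identifier. That part has to be fixed in the endpoint itself by not echoing the cookie value at all; the headers only stop one way of getting at it.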

Security Analyst
