ctrl+c & ctrl+v to Steal SESSIONID

Severity : Medium

Complexity: Medium

Weakness: Missing Click-jacking Header

• During directory brute-forcing for 2–3 days , I Came Across Following Endpoint .

https://site.com/ping/ loggedIn

• Response :

{
“type”: “Ping”,
“loggedIn”: true,
“username”: “arbazkiraak007”,
“sessionId”: “54CA86A999CB2DE0CD87F1EB37289261-n3”,
“instanceId”: “i-3c2662af”
}

• Which Cointain’s the Cookie Header Value i.e SESSIONID in Response.
• Their Application have Good Protection Against Click-jacking Vector’s on each and Every Endpoint But They missed Adding X-FRAME-OPTION Header to this endpoint .

• Created a Simple Demonstration of Stealing SESSIONID By Copy paste Game!