🚀Ready to level up your web security game? Unlock 15 courses and over 50 hours of content with our All-Access Membership for just $1/day: academy.ranakhalil.com/p/all-access-membership 🌟
Thx! 🙏 excuse me Rana i have a small question , Is it a vulnerability like if we created 2 accounts A and B and swapped only the (sessionsID) of account B to account A and send the request from account A which gonna return 200 OK and let us access account B ? . While keeps every things else as its such CSRF,accountID,middleware without changing them. Lookin patiently for your response.
No that's not a vulnerability. The session id is what authenticates and authorizes the user and so if you swap it, it should present you with the user that is tied to that session id.
@@RanaKhalil101 Can we see scenarios similar to the one which is been portrayed within this lab in real world web applications ? Waiting for your reply patiently
🚀Ready to level up your web security game? Unlock 15 courses and over 50 hours of content with our All-Access Membership for just $1/day: academy.ranakhalil.com/p/all-access-membership 🌟
Thx! 🙏 excuse me Rana i have a small question , Is it a vulnerability like if we created 2 accounts A and B and swapped only the (sessionsID) of account B to account A and send the request from account A which gonna return 200 OK and let us access account B ? . While keeps every things else as its such CSRF,accountID,middleware without changing them. Lookin patiently for your response.
No that's not a vulnerability. The session id is what authenticates and authorizes the user and so if you swap it, it should present you with the user that is tied to that session id.
@@RanaKhalil101 Can we see scenarios similar to the one which is been portrayed within this lab in real world web applications ? Waiting for your reply patiently