In this walkthrough, we will be going through the Broken Authentication (Logout Management) vulnerability section from bWAPP Labs. We will be exploring and exploiting the application's logout management and learn how applications are affected by it. So, let's get started with the Hacking without any delay.
- Setting the security level to Low.
- The application has a Log out function on the page this time, which is used to log out of the current session. Clicking “here” on the page performs a call to ba_logout_1.php.
- I clicked on “here” and was prompted with an alert for confirmation. After confirming, I was redirected to the login page.
- Once logged out, I was still able to move back to the previous page using the back button, hence bypassing the Logout Management.
So, we finally completed all the security levels for the bWAPP Broken Authentication (Logout Management) vulnerability. We looked into the various ways the application has been set up at the various levels and how we can bypass the security controls implemented. Next, we can mitigate potential attacks on Logout Management by making sure that the user is unable to go back and view the authenticated page after he has been logged out. Along with that, cookies should be properly flushed upon clicking the logout button to avoid any issues later. On that note, I will take your leave and will meet you in the next one with another bWAPP vulnerability writeup; till then, “Keep Hacking”.
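To show what the two mitigations above look like in practice, here is an added PHP example written for this writeup; it is not bWAPP's own ba_logout_1.php, and the file name auth_helpers.php, the session keys `authenticated` and `username`, and the login page name `login.php` are assumptions. It pairs a `require_authenticated()` guard, which every authenticated page calls first and which sends no-store cache headers so the Back button triggers a fresh request instead of redisplaying a cached copy, with a `do_logout()` handler that destroys the server-side session and expires the session cookie in the browser.

```php
<?php
// auth_helpers.php (hypothetical file name; added example, not bWAPP code)
declare(strict_types=1);

/**
 * Stop the browser and intermediate caches from storing an authenticated
 * page. Without this, the Back button can redisplay the page from cache
 * after logout even though the session is gone on the server.
 */
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache'); // for HTTP/1.0 caches
    header('Expires: 0');
}

/**
 * Call at the top of every authenticated page. Redirects to the login
 * page unless a valid server-side session exists. The session keys
 * 'authenticated' and 'username' are assumed for this example.
 */
function require_authenticated(string $login_url = 'login.php'): void
{
    session_start();
    send_no_store_headers();
    if (empty($_SESSION['authenticated']) || empty($_SESSION['username'])) {
        header('Location: ' . $login_url, true, 302);
        exit;
    }
}

/**
 * Log the user out: clear the session data on the server, expire the
 * session cookie in the browser, and redirect. Destroying the session id
 * itself (not just a username field) means replaying the old cookie after
 * logout no longer resolves to an authenticated session.
 */
function do_logout(string $login_url = 'login.php'): void
{
    session_start();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Overwrite the session cookie with an already-expired one so the
        // browser discards it (options-array form needs PHP >= 7.3).
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?? 'Lax',
        ]);
    }
    session_destroy();
    send_no_store_headers();
    header('Location: ' . $login_url, true, 302);
    exit;
}

// Usage (assumed layout): an authenticated page starts with
//   require_once 'auth_helpers.php'; require_authenticated();
// and the logout page's body is simply
//   require_once 'auth_helpers.php'; do_logout();
```

After logging out with this handler, pressing Back makes the browser re-request the page (because of `no-store`), and `require_authenticated()` redirects to the login page since the session no longer exists; a quick check is to watch the Cache-Control header on authenticated responses and to confirm that the old session cookie is rejected after logout.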