bWAPP - Session Management (Session ID in URL)

bWAPP – Session Management (Session ID in URL)

In this walk through, we will be going through the Session Management (Session ID in URL) vulnerability section from bWAPP Labs. We will be exploring and exploiting Session IDs in URL and learn how application are affected because of it. So, let’s get started with the Hacking without any delay.

Session Management (Session ID in URL)

Security: Low

  • Setting the security level to Low.

Security level Low

  • The Application has a page where the session ID has been exposed in the URL. It issues a GET request to smgmt_sessionid_url.php. If in case, we are able to get the user’s ID with the help of URL or by predicting it. We can manipulate the request and take over the user’s token.

Session Mgmt - Session ID in URL

Original Query:

Burpsuite intercept

URL

Welcome Bee

  • I changed the session ID in URL and cookie values to session values to that of user “Kratos” which we have created in previous challenges.

Burpsuite intercept

Welcome Kratos

Also Read: bWAPP – Session Management (Cookies-HTTP Only)

Conclusion:

Conclusion

So, we finally completed all the security levels for the bWAPP Session Management (Session ID in URL) Vulnerability. We looked into the various ways how application has been set up in various levels and how we can bypass the security controls implemented. Session Management attacks can be mitigated by creating strong session management mechanisms, employing secure coding practices to mitigate XSS and other vulnerabilities and using multi-factor authentication (MFA) to add an extra layer of security. On that note, i will take your leave and will meet you in next one with another bWAPP vulnerability writeup, till then “Keep Hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top