Logical Exploits Of Flaws In a Cookie/Token Design 2023

By XiaoXin

The validation value of the cookie is too simple. Some web applications generate cookies from a single field or with too little randomness, which allows an attacker to enumerate valid cookie values. Alternatively, an attacker can log in as another user by modifying a parameter inside the cookie, which is cookie forgery.

A token is generally an operation credential: when a user logs in, the server generates a token for that user that authorizes subsequent operations. If the token design is too simple it may be cracked; if the token has no expiration time, the token is not unique per session, and a stolen token remains usable indefinitely.

There is a design flaw in password retrieval:

When a user resets their password, the mailbox receives a link containing an auth value; clicking the link within its validity period opens the password-reset page. Most websites use the rand() function to generate the auth value, and that is the problem: on Windows the maximum value of rand() is 32768, so the auth value can be enumerated.
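As an added example (not code from the article), the following Python compares the size of a rand()-style auth space with a properly designed reset token: generated from a cryptographic source, stored only as a hash, bound to one account, expiring, and single-use. The class and function names are my own.

```python
import hashlib
import math
import secrets
import time

# Constructed figure taken from the article: rand() on Windows yields at most 32768 values.
WEAK_AUTH_VALUES = 32768


def weak_auth_entropy_bits():
    """How many bits a rand()-style auth really carries (15), versus 256 for a real token."""
    return math.log2(WEAK_AUTH_VALUES)


class ResetTokenStore:
    """Issues and redeems password-reset tokens that fix the flaws described above."""

    def __init__(self, ttl_seconds=900, now=time.time):
        self.ttl = ttl_seconds
        self.now = now                # injectable clock so expiry can be tested
        self._pending = {}            # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash: a database leak must not expose live reset links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG, not enumerable
        self._pending[self._digest(token)] = (user_id, self.now() + self.ttl)
        return token                                # the only copy goes into the e-mail link

    def redeem(self, user_id, token):
        key = self._digest(token)
        entry = self._pending.get(key)
        if entry is None:
            return False                            # unknown, already used, or forged
        stored_user, expires_at = entry
        if self.now() > expires_at:
            del self._pending[key]                  # expired: discard, never accept
            return False
        if stored_user != user_id:
            return False                            # link is bound to exactly one account
        del self._pending[key]                      # single use: a replayed link fails
        return True
```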
