Business Logic Vulnerabilities - Lab #7 Weak isolation on dual-use endpoint | Long Version
Рет қаралды 670
Күн бұрын
@RanaKhalil101 6 ай бұрын
🚀Ready to level up your web security game? Unlock 15 courses and over 50 hours of content with our All-Access Membership for just $1/day: academy.ranakhalil.com/p/all-access-membership 🌟
@MustafaGains 6 ай бұрын
Thx! 🙏 excuse me Rana i have a small question , Is it a vulnerability like if we created 2 accounts A and B and swapped only the (sessionsID) of account B to account A and send the request from account A which gonna return 200 OK and let us access account B ? . While keeps every things else as its such CSRF,accountID,middleware without changing them. Lookin patiently for your response.
@RanaKhalil101 6 ай бұрын
No that's not a vulnerability. The session id is what authenticates and authorizes the user and so if you swap it, it should present you with the user that is tied to that session id.
@nishantdalvi9470 4 ай бұрын
@@RanaKhalil101 Can we see scenarios similar to the one which is been portrayed within this lab in real world web applications ? Waiting for your reply patiently
Rana Khalil
Рет қаралды 2,8 М.
Rana Khalil
Рет қаралды 1,1 М.
Oscar's Funny World
Рет қаралды 49 МЛН
Funny superhero siblings
Рет қаралды 9 МЛН
Wood Mood Arts
Рет қаралды 11 МЛН
Rana Khalil
Рет қаралды 967
Rana Khalil
Рет қаралды 1,1 М.
Rana Khalil
Рет қаралды 1,1 М.
Игорь Белецкий (investigator)
Рет қаралды 577 М.