Post by user84 » Sat Oct 12, 2019 7:48 am

Hi there... I am a bug hunter and I want to report a bug on your main domain....

Contact me for POC video. 

PATCH
When someone forgets his/her password, each and every active session that belongs to that particular account must be destroyed!
I would recommend you to follow Facebook on this security issue. They fixed this issue a few months back by adding a process that asks users whether they want to close all open sessions or not right after changing their password.
So there are two ways: either you let users choose if they want to keep active sessions, or you just destroy every active session when a user changes his/her password!

In this case, 4 issues will happen:
Issue 1: Forced Browsing
Issue 2: Parameter Modification
Issue 3: Session Identifier Prediction
Issue 4: SQL Injection within Login Forms

Please think about this. This is very harmful for your site.
I look forward to hearing from you!

Thanks and Best Wishes.

Impact
The attacker will still be logged in to your account even after changing the password, because his session is still active. He'll have complete access to your account until that session expires! Also, the attacker can do anything on your account. In summary, authentication bypass is an important area to focus on during a penetration test. Bypasses can come in many forms and often arise due to poor implementations such as placing trust in client-side data, utilizing weak tokens, or being careless with database queries and not using prepared statements.

Regards
Please contact me on my personal mail: webbuilder084@gmail.com

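The fix the post describes, as an added example that is not code from the original post or from the OpenCart project: each session is bound to the password version it was issued under, so a password change invalidates every older session, with an optional "keep my current session" choice as the post mentions. The in-memory store, user names and passwords below are constructed for the example.

```python
import hashlib
import hmac
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    # Password hashing (PBKDF2 here only to keep the example self-contained).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthStore:
    """In-memory users and sessions; constructed for this example."""

    def __init__(self):
        self.users = {}     # user_id -> {"salt", "pw_hash", "pw_version"}
        self.sessions = {}  # session_id -> {"user_id", "pw_version"}

    def create_user(self, user_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user_id] = {"salt": salt, "pw_hash": _hash(password, salt),
                               "pw_version": 1}

    def login(self, user_id: str, password: str):
        user = self.users.get(user_id)
        if user is None:
            return None
        if not hmac.compare_digest(user["pw_hash"], _hash(password, user["salt"])):
            return None
        # Unpredictable session identifier, bound to the current password version.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user_id": user_id, "pw_version": user["pw_version"]}
        return sid

    def is_valid(self, sid: str) -> bool:
        sess = self.sessions.get(sid)
        if sess is None:
            return False
        # A session issued under an older password version is rejected.
        return sess["pw_version"] == self.users[sess["user_id"]]["pw_version"]

    def change_password(self, user_id: str, new_password: str, keep_sid=None) -> None:
        user = self.users[user_id]
        user["salt"] = secrets.token_bytes(16)
        user["pw_hash"] = _hash(new_password, user["salt"])
        user["pw_version"] += 1
        # Destroy every session of this account, except the one the user asked to keep
        # (keep_sid=None means "close all open sessions").
        for sid in [s for s, v in self.sessions.items() if v["user_id"] == user_id]:
            if sid == keep_sid:
                self.sessions[sid]["pw_version"] = user["pw_version"]
            else:
                del self.sessions[sid]
```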

Post by IP_CAM » Sun Oct 20, 2019 3:46 am

"I am a bug hunter and I want to report a bug on your main domain...."
What main domain are you talking about???
And why on Earth should someone contact an anonymous GMail address holder,
to then talk about possible security issues? :laugh: :crazy:

I'm rarely active at the OC Forum lately. To reach me, contact: jti@jacob.ch
A Demoversion of my free OpenCart LIGHT v.1.5.6.5 Software Edition
can be seen in real Action here: http://www.jti.li/shop/
---
1'300+ FREE OC Extension-Repositories - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
---