See, what I feel is you were trying to check session-related issues.
Here, the developers have kept a security check so that the session can't be reused again, or they must have kept some token along with the session for authenticity.
Are you coming to Mumbai to do pentesting?
Did you copy the session cookie after logging in to the application? How many cookies are there in the application? Are you sure this is the only cookie that ties to the session? Also, what are you trying to test here? How do you conclude this is vulnerable even if it works? Session cookies are like passwords: if you have them, then you can take control of the user session. I assume you are trying to test a session fixation attack. For that, you need to insert the cookie manually with your own values, then log in to the application and observe whether the cookie gets changed or keeps the same values that you inserted. If it is the same value after logging in, then copy and paste that cookie into another unauthenticated browser and try accessing the URL of any authenticated page to see if it works.
1. No, copied both the cookies after logging in.
2. There were 2 cookies in the session.
3. No, wasn't sure, so tried copying both the cookies.
4. It was a test web app, and I wanted to see whether the changes that I made after logging in were reflected in another browser if the cookies were copied.
5. Not sure.
No, I wasn't trying for this session fixation attack, but thanks for this insight; I will try this with the method you provided.
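The session fixation check described in the comment above, as an added example that is not part of the original thread: a toy in-memory session store is run once without and once with session ID regeneration on login. The names `SessionStore` and `fixation_check`, the user `alice`, and the planted cookie value are all constructed for illustration.

```python
import secrets


class SessionStore:
    """Toy in-memory server-side session store (constructed for this example)."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session id -> {"user": name or None}

    def visit(self, cookie=None):
        """Anonymous request; this permissive server adopts any ID the client sends."""
        if cookie is None:
            cookie = secrets.token_urlsafe(32)
        self.sessions.setdefault(cookie, {"user": None})
        return cookie

    def login(self, cookie, user):
        """Authenticate and return the cookie value the server sets afterwards."""
        cookie = self.visit(cookie)
        if self.regenerate_on_login:
            # Hardened: invalidate the pre-login ID and issue a fresh random one.
            del self.sessions[cookie]
            cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = {"user": user}
        return cookie

    def whoami(self, cookie):
        """Return the user bound to this cookie, or None if unauthenticated."""
        return self.sessions.get(cookie, {}).get("user")


def fixation_check(store, planted="tester-chosen-id"):
    """Plant an ID, log in, compare the cookie, then replay the planted value."""
    store.visit(planted)                          # insert the cookie manually
    after_login = store.login(planted, "alice")   # log in with it present
    unchanged = after_login == planted            # did the ID survive login?
    replay_user = store.whoami(planted)           # second, unauthenticated client
    return {"id_unchanged": unchanged, "replay_user": replay_user,
            "vulnerable": unchanged and replay_user is not None}


if __name__ == "__main__":
    print("no regeneration:", fixation_check(SessionStore(False)))
    print("regeneration   :", fixation_check(SessionStore(True)))
```
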
It is likely that every API call needs an auth token, and the auth token likely has browser information embedded in it.
😂 Bro, what were you trying to do?
Can you pls explain why it didn't work?
You've probably come here after learning from an Instagram influencer 😭😭
Can you pls explain why it didn't work?
The server must be validating the session cookie; there must be a token in the HTTP request which is responsible for restricting the user from using the same cookie in a different browser, to prevent session reuse.