
See, what I feel is you were trying to check session-related issues.
Here, the developers have kept a security check so that a session can't be reused again, or they must have kept some token along with the session for authenticity.


Are you coming to Mumbai to do pentesting?


Did you copy the session cookie after logging in to the application? How many cookies are there in the application? Are you sure this is the only cookie that ties to the session? Also, what are you trying to test here? How do you conclude this is vulnerable even if it works? Session cookies are like passwords: if you have them, then you can take control of the user session. I assume you are trying to test a session fixation attack. For that, you need to insert the cookie manually with your own values, then log in to the application and observe whether the cookie gets changed or keeps the same values that you inserted. If it is the same value after logging in, then copy and paste that cookie into another unauthenticated browser and try accessing the URL of any authenticated page to see if it works.


1. No, copied both the cookies after logging in.
2. There were 2 cookies in the session.
3. No, wasn't sure, so tried copying both the cookies.
4. It was a test web app, and I wanted to see if the changes that I made after logging in were reflected in another browser when the cookies were copied.
5. Not sure.

No, I wasn't trying for this session fixation attack, but thanks for this insight. Will see this with the method you provided.

It is likely that every API call needs an auth token, and the auth token likely has browser information embedded in it.


😂 Bro, what were you trying to do?

Can you pls explain why it didn't work?

You probably learned this from an Instagram influencer 😭😭

Can you pls explain why it didn't work?

The server must be validating the session cookie; there must be a token in the HTTP request which is responsible for restricting the user from using the same cookie in a different browser, to prevent session reuse.
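An added example, not part of the thread and not the tested application's code: a toy session store that runs the two checks discussed above, the fixation check (does a cookie value set before login survive login?) and the copied-cookie check (is a post-login cookie accepted from another browser?). The class and function names are hypothetical, and binding the session to the User-Agent header is an assumption standing in for the "token with browser information" the replies guess at.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-process key for the binding tag


def client_tag(user_agent: str) -> str:
    """HMAC over a client attribute (assumed here: the User-Agent header).
    The header is client-controlled, so this only stops casual cookie copying."""
    return hmac.new(SERVER_KEY, user_agent.encode(), hashlib.sha256).hexdigest()


class SessionStore:
    def __init__(self, regenerate_on_login=True, bind_to_client=True):
        self.regenerate_on_login = regenerate_on_login
        self.bind_to_client = bind_to_client
        self.sessions = {}  # session id -> {"user": ..., "tag": ...}

    def login(self, presented_sid, user, user_agent):
        """Authenticate `user` and return the session id the server sets."""
        if self.regenerate_on_login or not presented_sid:
            sid = secrets.token_urlsafe(32)  # fresh id, pre-login value discarded
        else:
            sid = presented_sid              # weak: adopts a client-supplied id
        self.sessions.pop(presented_sid, None)
        self.sessions[sid] = {"user": user, "tag": client_tag(user_agent)}
        return sid

    def whoami(self, sid, user_agent):
        """Return the user for this cookie, or None if it is rejected."""
        session = self.sessions.get(sid)
        if session is None:
            return None
        if self.bind_to_client and not hmac.compare_digest(
                session["tag"], client_tag(user_agent)):
            return None
        return session["user"]


def fixation_check(store):
    """True if a cookie value planted before login is still valid after it."""
    planted = "planted-by-tester"  # constructed sample value
    issued = store.login(planted, "alice", "BrowserA")
    return issued == planted and store.whoami(planted, "BrowserA") == "alice"


def replay_check(store):
    """True if a post-login cookie copied to a different browser is accepted."""
    sid = store.login(None, "alice", "BrowserA")
    return store.whoami(sid, "BrowserB") == "alice"
```

With both defaults on, `fixation_check` and `replay_check` return False; turning off `regenerate_on_login` or `bind_to_client` makes the corresponding check return True.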
