Session Fixation in https://demo.froxlor.org/ in froxlor/froxlor

Valid

Reported on

Jan 30th 2023


Description

The session ID is not rotated, even after logging in again.

POC

1. Change the cookie to PHPSESSID=newsessionchanged and then log in.
2. Use the same session in a new browser and, as you can see, you are logged into the account.
3. You can try logging out and logging in again; the PHPSESSID doesn't change.

Video POC: https://drive.google.com/file/d/1fvc2fWERQT-eCo9KBKKkz_-bAJSfrROR/view?usp=share_link

Impact

This can be exploited if there is another bug like HTTP Response Splitting. It is also easy to exploit if an attacker modifies or notes the cookie before login.

We are processing your report and will contact the froxlor team within 24 hours. 8 months ago
We have contacted a member of the froxlor team and are waiting to hear back 8 months ago
froxlor/froxlor maintainer has acknowledged this report 8 months ago
Dinesh
7 months ago

Researcher


Any update on this?

Michael Kaufmann validated this vulnerability 3 months ago
Dinesh has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Michael Kaufmann marked this as fixed in 2.1.0 with commit 94d9c3 3 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Michael Kaufmann published this vulnerability 3 months ago
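
The three observations in the report map to three server-side controls in PHP: refuse session IDs the server never issued, rotate the ID when the user authenticates, and destroy the session on logout. The sketch below is an added example, not froxlor's code or the referenced fix commit; `demo_users()`, the `uid` session key and the sample credentials are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample account store (hypothetical, for illustration only).
function demo_users(): array
{
    return ['demo' => password_hash('constructed-password', PASSWORD_DEFAULT)];
}

function start_hardened_session(): void
{
    // Strict mode makes PHP discard an ID it did not issue (such as a
    // client-chosen PHPSESSID value) and generate a new one instead.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $user, string $password): bool
{
    $hash = demo_users()[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // Rotate the ID at the privilege change and delete the old session
    // data, so an ID known before login never becomes an authenticated one.
    session_regenerate_id(true);
    $_SESSION['uid'] = $user;
    return true;
}

function logout(): void
{
    // Clear server-side state, expire the cookie, and drop the session so
    // the next login cannot reuse the same PHPSESSID.
    $_SESSION = [];
    setcookie(session_name(), '', [
        'expires' => 1, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_destroy();
}
```

To check the behaviour after deploying such a change, compare the PHPSESSID value before login, after login, and after a logout and second login: all three should differ.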