The Restricted Sessions
Challenge Information
Category: Web Security
Level: medium
Points: 100
Description
Flag is restricted to logged users only, can you be one of them?
Solution

After accessing the lab, we open it in the browser.

Now we review the source code of the lab.

Let me explain what this block of code does.
First, it checks whether the browser has any cookies stored. If there are no cookies, the script does nothing.

It uses a regular expression (/PHPSESSID=([^;]+)/) to search the cookies for the PHPSESSID value. The match() method returns an array, and [1] accesses the actual session ID value from the capturing group ([^;]+) (everything after PHPSESSID= until the next semicolon). It then sends a POST request to getcurrentuserinfo.php with the session ID in the request body.
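
The extraction step described above, as an added example (not the challenge's own code): it runs the regular expression from the write-up next to a stricter, boundary-anchored variant over constructed cookie strings, showing that the unanchored pattern also matches inside a longer cookie name. The function names and the body field name session_id are assumptions.

```javascript
// Added example. Cookie strings below are constructed, not taken from the lab.

// The pattern from the write-up: the first "PHPSESSID=" substring anywhere
// in the cookie string, captured up to the next semicolon.
function extractLoose(cookieString) {
  if (!cookieString) return null;               // no cookies: nothing to do
  const m = cookieString.match(/PHPSESSID=([^;]+)/);
  return m ? m[1] : null;                       // m[1] is the group ([^;]+)
}

// Stricter variant: the name must start the string or follow a "; " separator,
// so a cookie such as OLDPHPSESSID cannot be mistaken for PHPSESSID.
function extractStrict(cookieString) {
  if (!cookieString) return null;
  const m = cookieString.match(/(?:^|;\s*)PHPSESSID=([^;]+)/);
  return m ? m[1] : null;
}

// Form-encoded body for the POST to getcurrentuserinfo.php.
// The field name "session_id" is hypothetical; the page does not show it.
function buildBody(sessionId) {
  return new URLSearchParams({ session_id: sessionId }).toString();
}

// Constructed samples: a normal jar, an empty jar, and a jar where another
// cookie name merely ends in "PHPSESSID".
const samples = [
  "theme=dark; PHPSESSID=abc123; lang=en",
  "",
  "OLDPHPSESSID=stale; PHPSESSID=fresh",
];

for (const s of samples) {
  console.log(JSON.stringify(s), "loose:", extractLoose(s), "strict:", extractStrict(s));
}
```

Because the session ID travels in the request body and is read by page script, the server side of this design cannot rely on the cookie being HttpOnly; whatever value the client submits is what the endpoint looks up.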

Now we play with the cookie. I'll use Cookie Editor (you can use Burp to intercept the request and add a Cookie header, but my way is easier). First, add a cookie named PHPSESSID with any value and reload the site.

After the reload:

Okay, we're going to open this endpoint.

I think these are cookie values, so let's try one (replace the value); you can use any value.

Well, now we try to access this endpoint (getcurrentuserinfo.php). First, send the request from your browser, find it among the captured HTTP requests, then send it to Repeater and change the request method from GET to POST.

Now send it.

Yeah haha, now we have the credentials. Just put them in Cookie Editor (or in the request; I prefer Cookie Editor, it's up to you 😄).

Done 🎉
