FirstBlood-#739 — Session Doesn't not expire at /drpanel/index.php and /vaccination-manager/portal.php.
This issue was discovered on FirstBlood v2
On 2021-10-27, vishal Level 2 reported:
Discription : I have realised that seassion doesn't expire when we click signout .
Steps to Reproduce:
- Login at /vaccination-manager/login.php & /login.php . How? (refer to https://www.bugbountyhunter.com/hackevents/report?id=536 & https://www.bugbountyhunter.com/hackevents/report?id=536)
-
After that click on secure signout.
-
On both login panel you will be redirected to host domain as below.
-
Press back button for both session .
-
on both session you will be able to see what a login user supposed to see such as ip, name, email, certificate even after secure Signout.
Impact: sentive information such as
IP address,email,vaccination certificate can be accessed.
It lead raise Impact of XSS as it can lead to ATO Because of this issue.
Limitation:
-
For doctor login panel you will not be able to view cancelled apointment page after log out even in new tab same page mean's /drpanel/index.php will not open again. { IT's why this bug is not have as much imact on drpanel but on /vaccination-manager/portal.php things Works diffrently. }
-
On /vaccination-manager/portal.php case you can access it even after logout in new tab as well . it's like signout button on this page only redirect you to home page otherwise you are still loggedin even after secure signout (which is not seems to be as much secure though).
Let me know if anything missing or required - Vishal
P4 Low
Parameter:
Payload:
FirstBlood ID: 43
Vulnerability Type: Application/Business Logic
The session cookie is not invalidated in the database and thus old session tokens are still valid until a new login is made and a new session token is set.