|
score: 6
|
7.00
8.75
10.00 |
Von 5 Mitgliedern gelöst
|
2264540 views
|
seit 21. Apr 2021 18:03:03Temper (Crypto, Exploit)
Temper
Hello Gast
To speed up our websites, we decided to store sessions inside the browser's cookies.
The cookies are encrypted, so nobody should be able to temper with them.
However, some user was able to impersonate as another one, despite the encryption!
Can you reproduce this? If so, login as the user 'System'.
As a starting point, try to login as user:user
You are also given the source for the cookie library and site login.
Good Luck!
gizmore
To speed up our websites, we decided to store sessions inside the browser's cookies.
The cookies are encrypted, so nobody should be able to temper with them.
However, some user was able to impersonate as another one, despite the encryption!
Can you reproduce this? If so, login as the user 'System'.
As a starting point, try to login as user:user
You are also given the source for the cookie library and site login.
Good Luck!
gizmore
© 2021, 2022, 2023 und 2024 by jusb3