Secrets in Session: How a Forgotten Cookie Let Me Walk Into Admin Panel Like I Owned the Place…
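The article recounts how, during security reconnaissance, the author found a hidden flaw in a logout endpoint and ultimately gained administrator access through a forgotten cookie. 2025-7-21 05:28:24 Author: infosecwriteups.com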

Iski

Hey there!😁

Image by Gemini AI

Life Tip #235: If logging out of your ex’s life was as easy as logging out of some web apps… we’d all be healed by now. 💔🍪

I was on my third cup of coffee (read: coping mechanism ☕) at 2:47 AM, half-watching a 2008 CTF talk and half-scrolling through recon output from a random fintech target. Just as I was about to give up for the night, I noticed something weird. A logout endpoint that was… lying to me. And when a logout button lies, you better believe there’s treasure hidden behind it.

This is the tale of how I stumbled upon a forgotten cookie that was still holding onto the past — and how that cookie gave me full admin access.

I began with basic mass recon — nothing fancy:

subfinder -d target.com | tee subs.txt
httpx -l subs.txt -status-code -title -tech-detect > alive.txt
gau…

Source: https://infosecwriteups.com/secrets-in-session-how-a-forgotten-cookie-let-me-walk-into-admin-panel-like-i-owned-the-place-6aeb97f7f9de?source=rss----7b722bfd1b8d---4