OWOX, Inc.: Session is not expire after logout

2019-10-08T05:43:52
ID H1:709378
Type hackerone
Reporter mohummad_saqib_arif
Modified 2019-11-08T13:12:23

Description

Reproduction:

Step 1: Open the URL https://www.owox.com/products/ or open your user account.

Step 2: Copy the URL or paste it in another tab.

Step 3: Go back to the first tab or log out of your account.

Step 4: Check that the copied URL section is working properly.

Reference from: #244875, #263873, #249798

Hope you fix this soon ;)

Best Regards, SAQIB_ARIF

Impact

An attacker can get the user's session cookies by using Session Spoofer, Cookie Stealer, etc., and thus can get access to the user account.

Perform action: change profile, delete account
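
A regression check for the behaviour reported above, added here as an example and not part of the original report or of OWOX's code. The report does not say how sessions are implemented, so the in-memory store, the cookie name and both logout functions are assumptions made for illustration: one logout only clears the browser cookie, the other also deletes the server-side record.

```python
import secrets


class SessionStore:
    """Minimal server-side session table (constructed for illustration)."""

    def __init__(self):
        self._sessions = {}  # token -> user id

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def authenticate(self, token):
        """Return the user for a live token, or None."""
        return self._sessions.get(token)

    def logout_client_only(self, token):
        # Weak: asks the browser to drop the cookie but keeps the server
        # record, so a copy of the token held elsewhere stays valid.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_invalidate(self, token):
        # Hardened: delete the server-side record, then clear the cookie.
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def token_survives_logout(logout_name):
    """Present a token issued before logout; True means it outlived logout."""
    store = SessionStore()
    token = store.login("alice")          # constructed sample user
    captured = token                      # copy held by a second tab
    getattr(store, logout_name)(token)    # user logs out in the first tab
    return store.authenticate(captured) is not None


if __name__ == "__main__":
    for name in ("logout_client_only", "logout_invalidate"):
        print(name, "-> token still valid:", token_survives_logout(name))
```

The same assertion, that a pre-logout token is rejected after logout, can be run against a real application's logout endpoint as part of its test suite.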