Hello everyone, I hope everyone is doing well. I would like to share one of my recent findings.

What is a Replay Attack?
A replay attack is an attack in which a valid message captured from the network (a login request, a session token, a signed transaction) is resent by the attacker so that the server accepts it a second time. What this write-up actually exploits is a closely related weakness, usually called response manipulation: the server's authentication response is altered in an intercepting proxy before it reaches the browser, and the browser trusts that altered response. Either way the outcome is access to a user or admin account without the end user's knowledge, and with that access an attacker can read, write, create, delete/remove and download data.
How did I exploit it?
I sent an HTTP login request with incorrect credentials; the server processed it and returned an authentication-failure response. I then repeated the same request, but this time intercepted the response and replaced the error body, "<script>alert('Wrong Password ')</script>", with the body the application returns on a successful login:
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/lab_user.aspx">here</a>.</h2>
</body></html>

After forwarding the modified response to the browser, it landed me directly on the site as admin. As mentioned earlier, with admin access I was able to do a lot: create users, change user passwords, delete users and so on. Note what this shows: the browser decided where to go based only on the response body, and the server then served /lab_user.aspx without checking whether a session had actually been established, so the login state was effectively decided on the client side.

Remediation:-
Classic replay attacks can be mitigated by putting timestamps on all messages, which reduces the window in which an attacker can eavesdrop, siphon off a message and resend it, and by having sender and receiver establish a completely random session key that is valid for one transaction only and cannot be used again.
For the response-manipulation variant shown above, neither of those is sufficient on its own. The fix is to enforce authentication and authorization on the server for every request: issue a session cookie only after the credentials verify, check that cookie on every protected page such as /lab_user.aspx, and treat the response body as presentation only, never as the source of truth for whether the user is logged in.
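The following is an added example, not code from the original finding or from the affected application. It simulates the exchange above in-process: a toy login handler, an intercepting proxy that rewrites the failure body into the "Object moved" body, and a browser that follows the redirect. The same server is built two ways, once trusting the client (the behaviour the finding demonstrates) and once checking a server-issued session on the protected page. The user name, password, path names and response bodies are assumptions chosen for illustration.

```python
"""Response manipulation: client-decided vs server-enforced login state (added example)."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

# Bodies modelled on the write-up; the real application's markup is an assumption.
FAIL_BODY = "<script>alert('Wrong Password ')</script>"
REDIRECT_BODY = (
    "<html><head><title>Object moved</title></head><body>"
    '<h2>Object moved to <a href="/lab_user.aspx">here</a>.</h2>'
    "</body></html>"
)


@dataclass
class Response:
    status: int
    body: str
    set_cookie: Optional[str] = None  # session token issued by the server, if any


class Server:
    """Toy application with one account; enforce_session selects the two designs."""

    def __init__(self, enforce_session: bool) -> None:
        self.enforce_session = enforce_session
        self.users = {"admin": "correct horse battery staple"}  # assumed credential
        self.sessions: set[str] = set()

    def login(self, user: str, password: str) -> Response:
        expected = self.users.get(user, "")
        # Constant-time comparison so the check itself does not leak timing.
        if expected and hmac.compare_digest(password.encode(), expected.encode()):
            token = secrets.token_urlsafe(32)
            self.sessions.add(token)  # a session exists only after a real success
            return Response(200, REDIRECT_BODY, set_cookie=token)
        return Response(200, FAIL_BODY)

    def get_page(self, path: str, cookie: Optional[str]) -> Response:
        if path != "/lab_user.aspx":
            return Response(404, "not found")
        # Hardened design: the protected page verifies the server-issued session.
        if self.enforce_session and cookie not in self.sessions:
            return Response(302, "Object moved to /login.aspx")
        return Response(200, "<h1>Admin panel</h1>")


def tamper(resp: Response) -> Response:
    """Intercepting proxy: rewrite the failure response into the success response."""
    if FAIL_BODY in resp.body:
        return Response(resp.status, REDIRECT_BODY, resp.set_cookie)
    return resp


def browser_flow(server: Server, user: str, password: str,
                 proxy: Optional[Callable[[Response], Response]] = None) -> bool:
    """Submit the login, optionally through a tampering proxy, then follow the redirect.

    Returns True if the browser ends up on the admin panel.
    """
    resp = server.login(user, password)
    if proxy is not None:
        resp = proxy(resp)
    cookie = resp.set_cookie  # None when the credentials were actually wrong
    if "Object moved" in resp.body:
        page = server.get_page("/lab_user.aspx", cookie)
        return page.status == 200 and "Admin panel" in page.body
    return False


if __name__ == "__main__":
    weak, strong = Server(enforce_session=False), Server(enforce_session=True)
    print("client-trusting server, tampered response:",
          browser_flow(weak, "admin", "wrong", proxy=tamper))    # True: bypass
    print("session-enforcing server, tampered response:",
          browser_flow(strong, "admin", "wrong", proxy=tamper))  # False
    print("session-enforcing server, real login:",
          browser_flow(strong, "admin", "correct horse battery staple"))  # True
```

The point of the two server variants is that the proxy can change anything in the response, but it cannot conjure a token into the server's session store; only the design that asks the session store on every protected request is safe.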
