⚠️ CRITICAL: CVE-2025-59841 in FlagForgeCTF (v2.2.0–<2.3.1) leaves sessions & CSRF tokens active post-logout, enabling unauthorized access. Patch to 2.3.1+ now! More details: https://radar.offseq.com/threat/cve-2025-59841-cwe-384-session-fixation-in-flagfor-0c0a9e3f #OffSeq #CVE202559841 #SessionFixation #CTF #Security

As always the information in this thread as well as more can be found in my notes at: https://notes.zanidd.xyz/

Thank you for reading my thread and see you in the next one :)

#session #csrf #xss #sessionhijacking #sessionfixation


Remediating Open Redirect

  • Strictly validate URLs
  • Do not use user-supplied URLs
  • Check supplied values (valid, not a URL, appropriate for the app)
  • Sanitize input with an allowlist of trusted hosts (or regex)
  • Force redirects to first go through a page notifying users that they're leaving the site

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation

Remediating CSRF

  • Check if user is authorized to perform action
  • Add randomly generated + non-predictable tokens (anti-csrf-token, csrf-tokens)
  • Referrer Header Checking
  • Implement Two-Step operation (Operation is not executed when called, but needs a verification)
  • Make Cookies SameSite!

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation


Remediating XSS

  • Validation of user input (on the server side)
    • Use positive approach (allowlist)
    • Verify existence of actual input
    • Enforce Input Size restriction
    • Check Input Type and only allow certain types
    • Check range of value and restrict it
    • Sanitize special chars
  • HTML Encoding Output (especially user-controlled output)
  • Do not embed user input into client-side scripts
  • Have a good CSP (Content Security Policy)
  • Make Cookies HTTPOnly!

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation

Remediating Session Fixation

  • Generate new session ID after authenticated operation (invalidate pre-login session id and generate a new one post-login)
  • Use libraries and built-in mechanisms for session management, don't build custom implementations

Example Function for PHP:

session_regenerate_id(bool $delete_old_session = false): bool

#cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation
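The login/logout flow the session-fixation and CSRF posts above describe, as an added PHP example (not code from the thread, from HTB Academy or from any project named here); it also covers the post-logout session invalidation that the CVE post at the top calls out. check_credentials() is a hypothetical placeholder for the app's own authentication lookup.

```php
<?php
// Added example: session handling for a PHP login/logout flow.
// check_credentials() is hypothetical; it returns a user id or null.

declare(strict_types=1);

// Cookie flags: HttpOnly blocks script access, SameSite=Lax limits CSRF, Secure requires TLS.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

function login(string $username, string $password): bool
{
    $userId = check_credentials($username, $password); // hypothetical helper
    if ($userId === null) {
        return false;
    }
    // Fixation defence: drop the pre-login ID so an attacker-chosen ID stops working.
    // Passing true deletes the old session file instead of leaving it usable.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    // Anti-CSRF token: random, unpredictable, bound to this session.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    return true;
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie on the client too, so the old ID is not resent after logout.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    // Destroy server-side state so the ID is not merely logged out but dead.
    session_destroy();
}

function csrf_token_valid(?string $submitted): bool
{
    // Constant-time comparison; reject when no token was issued or none was sent.
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}
```

Call csrf_token_valid() on every state-changing request before performing the action, and embed $_SESSION['csrf_token'] as a hidden field in the forms that issue those requests.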

Remediating Session Hijacking

  • Pretty challenging to counter session hijacking
  • Monitoring + Anomaly Detection
  • safer bet to counter than to eliminate all vulns

#hacking #cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation

Here is some Advice on how to remediate common Session Security Attacks/Vulns (based on HTB Academy).

1/? 🧵

#hacking #cybersecurity #session #csrf #xss #sessionhijacking #sessionfixation
