Session Invalidation in Economizzer Allows Unauthorized Access After Logout
gugoan的Economizzer v.0.9-beta1存在会话管理漏洞,用户登出后会话未失效,仍可被利用导致未经授权访问。 2025-5-17 02:38:56 Author: seclists.org(查看原文) 阅读量:7 收藏
gugoan的Economizzer v.0.9-beta1存在会话管理漏洞,用户登出后会话未失效,仍可被利用导致未经授权访问。 2025-5-17 02:38:56 Author: seclists.org(查看原文) 阅读量:7 收藏
Full Disclosure mailing list archives
From: Ron E <ronaldjedgerson () gmail com>
Date: Tue, 6 May 2025 20:48:38 -0400
A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains active and usable even after the user has attempted to log out. POST /web/category/create HTTP/2 Host: <host> Cookie: _economizzerSessionId=<<REDACTED>>; _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- Session Invalidation in Economizzer Allows Unauthorized Access After Logout Ron E (May 16)
文章来源: https://seclists.org/fulldisclosure/2025/May/16
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh