Bazar Insufficient Session Expiration

2018.04.09

Milad Ahmadi (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[-] Exploit Title: Bazar Insufficient Session Expiration
[-] Vendor Home Page : https://cafebazaar.ir
[-] Author : Milad Ahmadi
[-] Email : info@securityhub.ir
[-] Date : 2018-04-09
[-] Version : 7.15.5
---------------------------------------------------------------------
[ Description ]
Bazaar is the most popular android app store in Iran with more than 20000 published applications. This app is vulnerable to insufficient session expiration. According to this vulnerability when users sign out from app the session does not become invalidated, and user can replace past session in order to sign in without entering username and pass
---------------------------------------------------------------------
Telegram channel : @guardiran_org
Twitter : @securityhubir
Thanks to : Mownten,REX,dr-iman and all Guardiran security team members

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Bazar Insufficient Session Expiration

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.