[00:00:01] Welcome back, guys. The second bug from our list of five carefully selected bugs: how to get access to the account of the logged-out user.

[00:00:14] So let me make some kind of introduction. When the user has been authenticated to the web application (so the authentication is typically, you know, providing email and password), then the only piece of data that is used by the web application to recognize the user is a cookie with a session ID, the so-called authentication cookie. And this is what you, let's say, have to know at the very beginning of our journey in this case.

[00:00:47] Now I'm gonna tell you something about logout functionality, right? So the user is going to log out, and what typically happens in web applications is like this: when the user logs out, the authentication cookie is deleted from the user's browser. Well, it's deleted from the user's browser, so the user can no longer go to his profile, because, well, the user seems to be no longer logged in, right? Because there is no authentication cookie; it has been deleted.

[00:01:21] But the question is right now: does it actually mean that the user is really locked out? Well, the cookie was deleted from the user's browser, but is it enough? The answer is no, it's not enough. It's definitely not enough, because the authentication cookie has to be invalidated on the server side at the time of logging out. In other words, it doesn't matter what happens on the client side, so what happens in the browser of the user, like, you know, deleting the cookie with the session ID. It doesn't matter. What matters is what happens on the server side. So you have to invalidate the authentication cookie on the server side at the time of logging out. Then the user is really logged out. If it doesn't happen, then the attacker can get access to the account of the logged-out user.

[00:02:24] And now let me explain even more. When you just delete the authentication cookie from the browser of the user, then the user seems to be locked out, but from the point of view of the server, from the point of view of the web application, the user is still logged in, right? So this is it. This is kind of maybe mysterious at the very beginning, that the user seems to be logged out but in fact he is still logged in, but this is how it works.

[00:02:56] Now I believe that you follow my reasoning, and I have seen quite many web applications that were vulnerable to this kind of attack. And of course the impact here is very nice; it's like, you know, getting access to the account of the logged-out user. Very nice, very, very cool. So now, without further delay, let me jump to the demo. Let me show you how it really works. I really want you to understand all the details here, and I want you to be able to check if the web application of your own choice is vulnerable to this problem or not. So let's jump right now to the demo.
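The distinction the video draws (the browser no longer has the cookie, but the server still has the session) is easy to model in code. The following is an added example, not code from the video or from any application it demos. It assumes an in-memory session table, a cookie named `session`, and two toy apps: `VulnerableApp`, whose logout only tells the browser to drop the cookie, and `HardenedApp`, whose logout also destroys the session on the server. `logout_check` performs the test the speaker wants you to be able to run against an application of your choice: log in, keep a copy of the session ID, log out through the browser, and then ask the server what it thinks of both the browser's (now empty) cookie and the saved pre-logout ID.

```python
"""Toy model of logout handling: client-only cookie deletion vs server-side invalidation.
Added example; the session store, cookie name and class names are assumptions."""
import secrets
from typing import Dict, Optional


class SessionStore:
    """Server-side session table mapping session id -> user name (assumed in-memory store)."""

    def __init__(self) -> None:
        self.sessions: Dict[str, str] = {}

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable random session id
        self.sessions[sid] = user
        return sid

    def resolve(self, sid: Optional[str]) -> Optional[str]:
        """Which user does this session id belong to? None means 'not logged in'."""
        return self.sessions.get(sid) if sid else None

    def destroy(self, sid: Optional[str]) -> None:
        if sid:
            self.sessions.pop(sid, None)


class Browser:
    """Minimal cookie jar: honours Set-Cookie, and deletes the cookie on Max-Age=0."""

    def __init__(self) -> None:
        self.cookies: Dict[str, str] = {}

    def apply(self, headers: Dict[str, str]) -> None:
        value = headers.get("Set-Cookie", "")
        name, _, rest = value.partition("=")
        if "Max-Age=0" in rest:
            self.cookies.pop(name, None)  # what the browser does at logout
        elif name:
            self.cookies[name] = rest.split(";")[0]

    def session_id(self) -> Optional[str]:
        return self.cookies.get("session")


class VulnerableApp:
    """Logout only instructs the browser to delete the cookie; the server-side session survives."""

    COOKIE = "session"

    def __init__(self) -> None:
        self.store = SessionStore()

    def login(self, user: str) -> Dict[str, str]:
        # Credential verification is outside this model; we only care about what follows login.
        sid = self.store.create(user)
        return {"Set-Cookie": f"{self.COOKIE}={sid}; HttpOnly; Secure"}

    def logout(self, sid: Optional[str]) -> Dict[str, str]:
        # Missing step: self.store.destroy(sid). The server still recognises sid afterwards.
        return {"Set-Cookie": f"{self.COOKIE}=; Max-Age=0"}

    def profile(self, sid: Optional[str]) -> Optional[str]:
        return self.store.resolve(sid)


class HardenedApp(VulnerableApp):
    """Same app, but logout invalidates the session on the server before clearing the cookie."""

    def logout(self, sid: Optional[str]) -> Dict[str, str]:
        self.store.destroy(sid)
        return {"Set-Cookie": f"{self.COOKIE}=; Max-Age=0"}


def logout_check(app: VulnerableApp) -> Dict[str, Optional[str]]:
    """Log in, save the session id, log out via the browser, then query the server with
    both the browser's current cookie and the saved pre-logout id."""
    browser = Browser()
    browser.apply(app.login("alice"))  # constructed test user
    saved_sid = browser.session_id()
    browser.apply(app.logout(saved_sid))
    return {
        "browser_view": app.profile(browser.session_id()),  # None for both apps: cookie is gone
        "server_view": app.profile(saved_sid),              # None only if the server invalidated it
    }


def is_vulnerable(app: VulnerableApp) -> bool:
    """True when a session id captured before logout still resolves to a user afterwards."""
    return logout_check(app)["server_view"] is not None


if __name__ == "__main__":
    for cls in (VulnerableApp, HardenedApp):
        print(cls.__name__, logout_check(cls()), "VULNERABLE" if is_vulnerable(cls()) else "ok")
```

For `VulnerableApp` the browser view is `None` (the user "seems logged out") while the server view is still `alice`; for `HardenedApp` both are `None`. When checking a real application, the same procedure applies: record the session cookie value before logout and confirm that an authenticated request carrying that value is rejected afterwards. Server-side invalidation belongs in the logout handler itself, not only in a session-expiry timer.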