Summary
- A vulnerability has been discovered in the authentication process of Example.com which could lead to the exposure of sensitive user data.
- The issue lies in the handling of the
USER_IDcookie, which follows a predictable format, making it possible for an attacker to manipulate the cookie and access personally identifiable information. - The format is structured in such a way that allows researchers to attempt to brute-force the cookie generation algorithm, altering the
USER_IDcookie to access sensitive user data. - The company has yet to implement a fix, so this vulnerability is still open and playable.
Remember, on Bug Bounty platforms never ever intentionally exploit any vulnerabilities you discover indefinitely, even if the vulnerability is still open and unexplored. waiting for the HostGator to fix the vulnerability adheres to the ethical standards of conduct for responsible disclosure. Doing so could lead to legal consequences and compromise your reputation within the ethical hacking community.
Stay Safe!