
Unauthorized Profile Information Change after Logout on app.aixblock.io #193

@darkcodex20


Target: https://app.aixblock.io

Severity: Medium to High (Session Mismanagement / Broken Authentication)

✅ Steps to Reproduce:

1. Create an account on https://app.aixblock.io.
2. Log in and go to Account Settings → Profile Settings.
3. Edit any profile information (e.g., name, bio, etc.).
4. Intercept the profile update request using Burp Suite.
5. Send the request to Repeater.
6. Drop the request (don't let it forward).
7. Log out of your account.
8. In Burp Suite → Repeater, resend the previously captured request.
9. Observe the HTTP 200 OK response.
10. Log back into your account and notice that the profile information has been successfully changed.

🐞 Vulnerability:
Even after logging out, the captured and replayed request still executes successfully, indicating improper session invalidation or authorization checks on the backend.

🔥 Impact:
Attackers with access to intercepted requests can modify user profile data even after logout, risking session fixation, unauthorized access, or account manipulation.

If tokens are not invalidated upon logout, it may lead to larger account takeover vectors in more complex scenarios.

💡 Suggested Fix:
Properly invalidate session tokens/cookies upon logout.

On the backend, ensure that authentication and authorization checks are enforced for each request, and that expired sessions/tokens are not honored.
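An added example of the server-side fix the report suggests (this is not code from the report or from app.aixblock.io; all names are hypothetical): a session registry that revokes the token on logout and re-checks every request, so a profile update replayed after logout is rejected with 401 instead of 200.

```python
import secrets
import time

SESSION_TTL = 3600  # seconds a login stays valid without logout


class SessionStore:
    """Hypothetical server-side session registry: token -> user and expiry."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "expires": self._now() + SESSION_TTL}
        return token

    def logout(self, token):
        # Revoke on the server. Clearing the cookie in the browser is not enough:
        # an intercepted copy of the request still carries the old token.
        self._sessions.pop(token, None)

    def authenticate(self, token):
        session = self._sessions.get(token)
        if session is None or session["expires"] <= self._now():
            self._sessions.pop(token, None)  # expired tokens are not honored
            return None
        return session["user"]


def update_profile(store, profiles, request):
    """Profile update handler; returns (HTTP status, updated profiles)."""
    user = store.authenticate(request.get("token"))
    if user is None:
        return 401, profiles  # no live session behind this token
    if request["user_id"] != user:
        return 403, profiles  # a session may only edit its own profile
    updated = dict(profiles)
    updated[user] = {**profiles.get(user, {}), **request["fields"]}
    return 200, updated


def replay_after_logout():
    """Constructed run of the report's flow against the hardened handler."""
    store = SessionStore()
    profiles = {"alice": {"name": "Alice"}}
    token = store.login("alice")
    captured = {"token": token, "user_id": "alice", "fields": {"name": "Mallory"}}
    store.logout(token)  # user logs out before the captured request is resent
    status, profiles = update_profile(store, profiles, captured)
    return status, profiles["alice"]["name"]
```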
