Session Invalidation in Economizzer Allows Unauthorized Access After Logout – Full Disclosure

Posted by Ron E on May 16
A session management vulnerability exists in gugoan’s Economizzer
v.0.9-beta1. The application fails to properly invalidate user sessions
upon logout or other session termination events. As a result, a valid
session remains active and usable even after the user has attempted to log
out.
POST /web/category/create HTTP/2
Host: <host>
Cookie: _economizzerSessionId=<<REDACTED>>;
– Read More – Full Disclosure