Login Bypass using Cookie Tampering/Poisoning

Cookies are stored by the browser so that the user gets streamlined access to a site. Say you log in to a website such as udemy.com, quit your browser, and relaunch it: you are not asked for your password again, because a cookie holds your session ID.

What if the website's code is loose enough that we can tamper with the cookies and make it perform certain actions?

In the TryHackMe Overpass room, I came across something interesting. I noted that the backend code in JavaScript was setting the cookie value to "statusOrCookie" on successful username and password entry.

This means that all we need to do is set the cookie value on the login page to "statusOrCookie" and we'll be logged in. Let's give it a go.

Original state:

Now, from the Inspect Element tab, I add an item in Cookies and set its name to "SessionToken" and its value to "statusOrCookie".

Just like that, we see we've been logged in!

Mitigation: set the Secure attribute and the HttpOnly attribute on the session cookie.
