|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 165
Members: 0
Total: 165
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
phpsessid fixation |
|
Posted: Tue Jun 05, 2007 11:12 pm |
|
|
bean703 |
Regular user |
|
|
Joined: Mar 21, 2007 |
Posts: 22 |
|
|
|
|
|
|
|
How do you fix a session fixation vulnerability?
Quote: | In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server.
After a user's session ID has been fixed, the attacker will wait for them to login.
Once the user does so, the attacker uses the predefined session ID value to assume their online identity. |
If the PHPSESSID can be changed by going to website.com/?PHPSESSID=whatever that's a session fixation attack right? How can this be fixed? |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|