Jump to content

Recommended Posts

hello! i've finished a site for my photographer friend and was wondering if i could get some beta testers to try breaking something:

 

http://70.112.160.245/danielbrock.com/ (tested in ie6+, firefox 2+, safari 2+, and opera 9+)

 

i believe i worked out any timing issues and ensured that no javascript errors pop up. a lot of the pages are blank, because i'm waiting for the photographer to update them (i'll also be posting the CMS web app i've built very soon). thanks for your help!!

PHPSESSID session fixation

Vulnerability description

This script is vulnerable to PHPSESSID session fixation attacks.

 

By injecting a custom PHPSESSID is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.

This vulnerability affects /danielbrock.com.

The impact of this vulnerability

By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

 

How to fix this vulnerability

Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

 

PHPSESSID session fixation

Vulnerability description

This script is vulnerable to PHPSESSID session fixation attacks.

 

By injecting a custom PHPSESSID is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.

This vulnerability affects /danielbrock.com.

The impact of this vulnerability

By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

 

How to fix this vulnerability

Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

 

Crazy...

 

I've made this change. Can you check it again for me? Also, did you get this info from some app?

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.