figmented Posted July 18, 2008 Share Posted July 18, 2008 hello! i've finished a site for my photographer friend and was wondering if i could get some beta testers to try breaking something: http://70.112.160.245/danielbrock.com/ (tested in ie6+, firefox 2+, safari 2+, and opera 9+) i believe i worked out any timing issues and ensured that no javascript errors pop up. a lot of the pages are blank, because i'm waiting for the photographer to update them (i'll also be posting the CMS web app i've built very soon). thanks for your help!! Link to comment Share on other sites More sharing options...
darkfreaks Posted July 18, 2008 Share Posted July 18, 2008 PHPSESSID session fixation Vulnerability description This script is vulnerable to PHPSESSID session fixation attacks. By injecting a custom PHPSESSID is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site. This vulnerability affects /danielbrock.com. The impact of this vulnerability By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards. How to fix this vulnerability Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0. Link to comment Share on other sites More sharing options...
figmented Posted July 18, 2008 Author Share Posted July 18, 2008 PHPSESSID session fixation Vulnerability description This script is vulnerable to PHPSESSID session fixation attacks. By injecting a custom PHPSESSID is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site. This vulnerability affects /danielbrock.com. The impact of this vulnerability By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards. How to fix this vulnerability Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0. Crazy... I've made this change. Can you check it again for me? Also, did you get this info from some app? Link to comment Share on other sites More sharing options...
darkfreaks Posted July 19, 2008 Share Posted July 19, 2008 yes my scanner did. and it is resolved now please click topic solved Link to comment Share on other sites More sharing options...
Recommended Posts