IT Security and Insecurity Portal

phpsessid fixation

Posted: Tue Jun 05, 2007 11:12 pm

bean703 | Regular user | Joined: Mar 21, 2007 | Posts: 22

How do you fix a session fixation vulnerability?

Quote:
In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server. After a user's session ID has been fixed, the attacker will wait for them to log in. Once the user does so, the attacker uses the predefined session ID value to assume their online identity.

If the PHPSESSID can be changed by going to website.com/?PHPSESSID=whatever, that's a session fixation attack, right? How can this be fixed?
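
One common way to close the hole asked about above, shown as an added example that is not part of the original thread: accept the session ID from the cookie only and issue a new ID at login. The functions login_user() and logout_user() and the $credentialsOk argument are hypothetical names; the ini settings and session functions are PHP's own.

```php
<?php
// Added example, not code from the thread. login_user(), logout_user() and
// the $credentialsOk argument are hypothetical names for illustration.

// Take the session ID from the cookie only, so a PHPSESSID value supplied
// in the URL (website.com/?PHPSESSID=whatever) is ignored.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');   // never rewrite links to carry the ID
// Refuse IDs the server did not issue itself (available from PHP 5.5.2).
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1'); // keep the cookie away from scripts

session_start();

function login_user($credentialsOk, $username)
{
    if (!$credentialsOk) {
        return false;
    }
    // Replace the pre-login ID with a fresh one and delete the old session
    // data, so an ID fixed before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

function logout_user()
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie in the browser.
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

The ini_set() calls must run before session_start(); the same settings can be placed in php.ini instead.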