Created
August 10, 2010 09:23
-
-
Save markjames/516977 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Demo for session fixation | |
| // | |
| // Attacker creates a session by visiting the page: http://famfamfam.com/sessionfixation.php | |
| // Attacker gets their session ID out of the cookie (or in this case from the page) | |
| // Attacker creates a URL such as http://famfamfam.com/sessionfixation.php?PHPSESSID=attackerssessionid and sends it to victim | |
| // Victim clicks the URL (now both the attacker and victim are using the same session) | |
| // Victim logs in | |
| // Now the attacker is logged in to the victim's account too (same session!) | |
| session_start(); | |
| if( isset($_GET['password']) && $_GET['password'] == 'blissfulignorance' ) { | |
| // To fix this problem, run the following function before you log a user in: | |
| // session_regenerate_id() | |
| $_SESSION['logged_in'] = true; | |
| $_SESSION['logged_in_as'] = 'Mark J.'; | |
| } | |
| if( isset($_SESSION['logged_in']) && $_SESSION['logged_in'] ) { | |
| echo "You are logged in as ", htmlentities($_SESSION['logged_in_as'],ENT_QUOTES,'UTF-8'); | |
| } else { | |
| echo "You are not logged in"; | |
| } | |
| echo "<br>", "Your session ID is " . session_id(); | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment