WebApp Sec mailing list archives
PHP's session_set_save_handler: Easy to Get Things Wrong
From: "Sverre H. Huseby" <shh () thathost com>
Date: Tue, 13 May 2003 23:53:45 +0200
First: This is not a vulnerability in PHP itself, but one of those design decision that makes it easy to write vulnerable PHP applications. PHP allows outside users to dictate the session ID by manipulating the PHPSESSID cookie parameter. When a custom made session save handler is used, the incoming ID is not validated by PHP. PHP thus passes a string of any length, containing any character to the custom made handler functions. If the programmer writing the session save handler is not aware that the ID may be anything, the application may become vulnerable to different kinds of attacks depending on how the session is persisted. Details: http://shh.thathost.com/secadv/2003-05-13-php.txt Sverre. -- shh () thathost com http://shh.thathost.com/
Current thread:
- PHP's session_set_save_handler: Easy to Get Things Wrong Sverre H. Huseby (May 13)