Session Fixation
From Hakipedia
Session Fixation exploits a vulnerability in a web application that lets an attacker hijack a legitimate user's account.
During an attack the attacker gives the victim a link (or uses an XSS vulnerability) that carries a predefined session identifier. The trick is that when the victim logs in after visiting this link (and the website does not regenerate the session on login), the attacker already knows the session ID: he sets his own session ID to the one he gave the victim and gains access to the account.
Severity
High
Exploit Likeliness
Medium
Exploit Example
In the following example the attacker is Bob and the victim is Jane. The website which is vulnerable is http://bank.com.
- Bob has noticed that when he logs in to bank.com it automatically assigns him a session ID in a GET variable. Hmm..
- Bob then sends an email to Jane informing her that bank.com now offers new features (etc.) and that she can access the site via the following link: http://bank.com/?sess=034945882309.
- Jane follows the link provided by Bob and is confronted with the usual login page. She logs in as usual and goes about her business.
- Bob now knows Jane's session ID and can log in to her bank account by manually setting his session ID to the one he gave her.
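The scenario above hinges on one server-side decision: whether the login handler keeps the session identifier the client arrived with, or throws it away and issues a fresh one. The following simulation is an added example, not code from Hakipedia or from any real site; the `SessionStore`, `login_vulnerable` and `login_hardened` names are assumptions made for illustration. It replays the Bob/Jane exchange against both handlers so the difference is visible in the result.

```python
"""Session fixation, simulated (added example, not from the original article).

login_vulnerable keeps whatever session id the request presents (the ?sess=...
behaviour described above); login_hardened regenerates the id when the user
authenticates, which is the standard mitigation.
"""
import secrets
from typing import Callable, Optional


class SessionStore:
    """In-memory session table: session id -> authenticated username."""

    def __init__(self) -> None:
        self._sessions: dict[str, str] = {}

    def new_id(self) -> str:
        # 32 bytes from the OS CSPRNG: unguessable, unlike a short numeric id.
        return secrets.token_urlsafe(32)

    def bind(self, sid: str, user: str) -> None:
        self._sessions[sid] = user

    def get_user(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def login_vulnerable(store: SessionStore, presented_sid: Optional[str], user: str) -> str:
    """Weak handler: if the request already carries a session id, keep using it
    and simply mark it as authenticated. Whoever chose that id (Bob, via his
    link) now holds a session bound to the victim's account."""
    sid = presented_sid or store.new_id()
    store.bind(sid, user)
    return sid


def login_hardened(store: SessionStore, presented_sid: Optional[str], user: str) -> str:
    """Mitigation: regenerate the session id at the moment privilege changes.
    The id the client arrived with is discarded, so a value fixed by a third
    party never becomes an authenticated session."""
    if presented_sid is not None:
        store.destroy(presented_sid)
    sid = store.new_id()
    store.bind(sid, user)
    return sid


def run_scenario(login: Callable[[SessionStore, Optional[str], str], str]):
    """Replay the Bob/Jane story against one login handler.

    Returns (user seen by Bob's fixed id, user seen by Jane's post-login id,
    Jane's post-login id). Constructed values; the fixed id is the one from
    the article's example link."""
    store = SessionStore()
    fixed_sid = "034945882309"  # the id Bob embedded in his link
    # Jane follows the link and logs in; her request presents Bob's id.
    janes_sid = login(store, fixed_sid, "jane")
    # Bob now sets his own session id to the value he chose and tries it.
    return store.get_user(fixed_sid), store.get_user(janes_sid), janes_sid


if __name__ == "__main__":
    print("vulnerable:", run_scenario(login_vulnerable)[:2])  # ('jane', 'jane')
    print("hardened:  ", run_scenario(login_hardened)[:2])    # (None, 'jane')
```

With the vulnerable handler, Bob's chosen identifier resolves to Jane's account after she logs in; with the hardened handler it resolves to nothing, because Jane's authenticated session lives under an identifier that was generated server-side and never appeared in Bob's link. The same regenerate-on-login rule is what session libraries expose as "session regeneration", and it should be applied at every privilege change, not only at login.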
This article is incomplete