1. Session fixation: – Session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate another person’s session identifier (SID). Most session fixation rely on session identifiers being accepted from URLs (query string) or POST data.
For example, this type of attack can come from a link like this:
<a href=http://www.xyz.com/test.php?PHPSESSID=1234> Press here </a> (more…)