Archive for October, 2010

Types of Session attacks

Posted: October 7, 2010 in PHP, Technology

1. Session fixation: – Session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate another person’s session identifier (SID). Most session fixation rely on session identifiers being accepted from URLs (query string) or POST data.

For example, this type of attack can come from a link like this:

<a href=http://www.xyz.com/test.php?PHPSESSID=1234> Press here </a> (more…)

Advertisements