| Field | Value |
|---|---|
| Title | tittuvarghese CollegeManagementSystem 1.0 Session Fixation Leading to Account Takeover |
| Description | The login script initialises a session with `session_start()` at line 3 but never regenerates the session identifier after a successful login. When the user's credentials are validated, the server stores the authentication data in the existing session and redirects to the dashboard: `session_start(); ... $_SESSION['UserAuthData']=$UserAuthData; header('Location: dashboard.php');` Because `session_regenerate_id(true)` is never called, the session ID stays the same as before the login. An attacker can obtain a valid session ID (e.g., by visiting the site, or by setting an arbitrary `PHPSESSID` cookie) and trick a victim into authenticating under that same ID. Once the victim logs in, the attacker can reuse the now-authenticated session ID and gain full access to the victim's account. |
| Source | https://github.com/tittuvarghese/CollegeManagementSystem/issues/4 |
| User | songlan (UID 98308) |
| Submitted | 2026-05-18, 05:33 PM (20 days ago) |
| Moderation | 2026-06-05, 10:10 AM (18 days later) |
| Status | Accepted |
| VulDB entry | 368873 [tittuvarghese CollegeManagementSystem /login-form.php session_start UserAuthData weak authentication] |
| Points | 20 |
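The following is an added example, not code from the CollegeManagementSystem project, showing what the login handler looks like once the missing regeneration step is in place. `validateCredentials()` and the sample user record are hypothetical stand-ins for the project's own credential check; the cookie settings are assumed hardening, not something the report describes.

```php
<?php
// Added example (not the project's code): login handler that regenerates the
// session ID after authentication, the step the original login-form.php omits.
declare(strict_types=1);

// Assumed hardening: restrict the session cookie before the session starts.
session_set_cookie_params([
    'httponly' => true,   // cookie not readable from JavaScript
    'secure'   => true,   // cookie only sent over HTTPS
    'samesite' => 'Lax',  // not sent on most cross-site requests
]);
session_start();

// Hypothetical credential check standing in for the project's own lookup.
// The user table below is a constructed sample, not real data.
function validateCredentials(string $user, string $pass): ?array
{
    $users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
    if (isset($users[$user]) && password_verify($pass, $users[$user])) {
        return ['username' => $user, 'role' => 'student'];
    }
    return null;
}

$UserAuthData = validateCredentials(
    $_POST['username'] ?? '',
    $_POST['password'] ?? ''
);

if ($UserAuthData === null) {
    http_response_code(401);
    exit('Invalid credentials');
}

// The fix: discard whatever session ID the browser presented before login
// (server-issued or planted by a third party) and move the session to a
// freshly generated ID. Passing true deletes the old session data on the
// server so the pre-login ID can no longer be used to reach this account.
session_regenerate_id(true);

// Only now is it safe to mark the session as authenticated.
$_SESSION['UserAuthData'] = $UserAuthData;
$_SESSION['login_time']   = time();

header('Location: dashboard.php');
exit;
```

The one-line difference from the report's snippet is the `session_regenerate_id(true)` call placed between the credential check and the write of `$_SESSION['UserAuthData']`; regenerating before the check would leave a pre-authentication ID in the browser that is still unauthenticated, which is harmless, while regenerating after the write but with `false` would keep the old session file alive and defeat the purpose.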