Submit #844641: https://www.sourcecodester.com/ CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Session Fixation

Title: https://www.sourcecodester.com/ CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Session Fixation
Description: A Session Fixation vulnerability exists in the CET AI Predictive Grading System. After successful authentication, the application writes user data to $_SESSION but never calls session_regenerate_id(true) to issue a new session ID. This allows an attacker who can obtain or plant a known session ID on the victim's browser to inherit the fully authenticated session after the victim logs in, without needing to know the victim's credentials.

Vulnerable Code (index.php lines 84-92):

    $_SESSION['user_id'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['name'] = $user['name'];
    $_SESSION['role'] = $user['role'];
    $_SESSION['student_id'] = $user['student_id'] ?? null;
    // session_regenerate_id(true) is never called

An attacker can fixate a known session ID on the victim's browser and wait for the victim to log in. Since the session ID never changes after authentication, the attacker inherits the fully authenticated session.

Steps to Reproduce:
1. Attacker obtains a valid session ID by visiting: http://[host]/PersonalAGS/index.php
2. Attacker plants the known session ID on the victim's browser via XSS or network sniffing on HTTP
3. Victim logs in using their credentials
4. Session ID remains unchanged after login
5. Attacker uses the pre-known session ID to access the application as the authenticated victim

Extended Attack Scenario:
- Combine with the Reflected XSS vulnerability already found in this application to plant the session ID: http://[host]/PersonalAGS/index.php?action= <script>document.cookie='PHPSESSID=attacker_known_id'</script>
- Wait for the victim to log in
- Attacker now has full authenticated access as the victim

Impact:
- Complete account takeover without knowing credentials
- Admin, faculty or student account hijacking
- Access to all grade records and system functions
- Bypasses authentication entirely

Affected File: index.php
Affected Lines: 84-92
Auth Required: No
User Interaction: Required (victim must log in)
CWE: CWE-384
CVSS: 6.8 (Medium)

Recommended Fixes:
1. Call session_regenerate_id(true) immediately after successful login, before any authenticated data is written to the session:

    if ($user && password_verify($password, $user['password'])) {
        session_regenerate_id(true); // Add this line
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['name'] = $user['name'];
        $_SESSION['role'] = $user['role'];
        $_SESSION['student_id'] = $user['student_id'] ?? null;
    }

2. Call session_regenerate_id(true) again on logout:

    session_regenerate_id(true);
    session_destroy();

3. Set secure session cookie parameters (this must run before session_start()):

    session_set_cookie_params([
        'httponly' => true,
        'secure' => true,
        'samesite' => 'Strict'
    ]);

4. Implement session expiry and idle timeout:

    if (isset($_SESSION['last_active']) && (time() - $_SESSION['last_active'] > 1800)) {
        session_destroy();
        header("Location: index.php");
        exit; // stop processing, otherwise the rest of the page still executes
    }
    $_SESSION['last_active'] = time();
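The four fixes above combined into one hardened login flow, written here as an added example and not taken from the CET Automated Grading System's own code. It assumes the application has already looked up the user row ($user) the way its index.php does, and that the site is served over HTTPS (otherwise the 'secure' cookie flag prevents the session cookie from being sent at all). It also enables PHP's session.use_strict_mode, which the report does not mention but which makes PHP reject session IDs it did not itself issue, closing the fixation path even before login.

```php
<?php
// Added example: hardened session handling for the login flow described in
// the report. Not the project's code. Assumes $user is the row fetched by
// the application's own user lookup (id, username, password, name, role,
// student_id) and that the site runs over HTTPS.
declare(strict_types=1);

const IDLE_TIMEOUT_SECONDS = 1800; // 30 minutes, matching the report's fix

function start_hardened_session(): void
{
    // Reject session IDs the server did not generate itself. A planted
    // PHPSESSID cookie is then ignored and a fresh ID is issued instead.
    ini_set('session.use_strict_mode', '1');

    // Fix 3: cookie hardening must be configured before session_start().
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, discarded when browser closes
        'path'     => '/',
        'httponly' => true,     // not readable from document.cookie
        'secure'   => true,     // only sent over HTTPS
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Fix 4: idle timeout. Call on every request after start_hardened_session().
function enforce_idle_timeout(int $now): bool
{
    if (isset($_SESSION['last_active'])
        && ($now - $_SESSION['last_active']) > IDLE_TIMEOUT_SECONDS) {
        $_SESSION = [];
        session_destroy();
        return false; // caller should redirect to the login page and exit
    }
    $_SESSION['last_active'] = $now;
    return true;
}

// Fix 1: regenerate the ID *before* writing authenticated state, so a
// pre-login session ID is never promoted to an authenticated one.
function login(?array $user, string $password): bool
{
    if (!$user || !password_verify($password, $user['password'])) {
        return false;
    }

    session_regenerate_id(true); // true = delete the old session data too
    $_SESSION['user_id']     = $user['id'];
    $_SESSION['username']    = $user['username'];
    $_SESSION['name']        = $user['name'];
    $_SESSION['role']        = $user['role'];
    $_SESSION['student_id']  = $user['student_id'] ?? null;
    $_SESSION['last_active'] = time();
    return true;
}

// Fix 2: on logout, issue a new ID, wipe state, expire the cookie, destroy.
function logout(): void
{
    session_regenerate_id(true);
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Typical request handling in index.php (illustrative wiring):
start_hardened_session();
if (!enforce_idle_timeout(time())) {
    header('Location: index.php');
    exit;
}
```

The important ordering is that session_set_cookie_params() and the strict-mode setting run before session_start(), and that session_regenerate_id(true) runs after the password check succeeds but before any $_SESSION write. Regenerating first and then writing is what stops a fixed ID from ever carrying an authenticated session; writing first and regenerating later would still leave a window in which the old ID is authenticated.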
Source: https://cwe.mitre.org/data/definitions/384.html
User: Abhay mp (UID 98542)
Submission: 01/06/2026 09h26 (1 month ago)
Moderation: 03/07/2026 15h58 (1 month later)
Status: Accepted
VulDB Entry: 376117 [SourceCodester CET Automated Grading System with AI Predictive Analytics weak authentication]
Points: 20