Board index   FAQ   Search  
Register  Login
Board index System Administration Server security

Session Hijacking

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

Session Hijacking

Postby red fox » Wed Oct 04, 2006 3:03 am

hello everyone,
i need information about Session Hijacking
how prodect my site from that
thanks in advance your help
red fox :help:
red fox
New php-forum User
New php-forum User
 
Posts: 39
Joined: Tue Nov 22, 2005 8:14 am

Postby gesf » Wed Oct 04, 2006 7:53 am

If you have a MySQL based session handler than a problem whould be the SQL injection :)
User avatar
gesf
Moderator
Moderator
 
Posts: 1718
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden

Re: Session Hijacking

Postby thcx » Wed Jan 12, 2011 5:40 pm

Look into session_regenerate_id().
thcx
New php-forum User
New php-forum User
 
Posts: 3
Joined: Wed Jan 12, 2011 5:25 pm
Location: Europe

Re: Session Hijacking

Postby roejim » Thu Sep 29, 2011 5:14 pm

It really is interesting if you could get the login cookie of a certain user by sniffing of data over the network.

I suggest that you take a look at wireshark which is a tool that lets you take note of network activity and with that you are given the ability to trace login and logout processes.

You just have to find the proper beans and you are good to go. You can just save the session cookie and use it just like you entered on your own. A lot of similar hijacking are done on simpler sites like Facebook.
roejim
New php-forum User
New php-forum User
 
Posts: 5
Joined: Thu Sep 29, 2011 1:26 am


Return to Server security

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron