:: Backends RSS
:: Forum
:: Links
:: Articles
:: Scripts
:: Downloads
:: Submit news
:: Promote us
:: Team
:: Mail us
:: Presse
PHPSecure II

When release the trilogy ?
Perfect remake
Boring ..
It isn't a good job
                   


Search SecurePHP
DMOZ ODP Search
 Search with phpODP :
 «? phpsecure(); ?»
Submit a news
Post last news on your site
News
vendredi 04 juillet | Vulnerability with PHPSESSSID (version < 4.3.2)
Source: php.net ¬ 3774 affichages

PHP may automatically embed session IDs as part of URLs in a web page.
The automatic embedding is called "transparent SID support".

It is possible to dictate the value of the session ID using the
PHPSESSID URL parameter. PHP does little to validate the dictated ID.
Combined with lack of URL encoding and HTML encoding of automatically
embedded session IDs, this makes PHP open to Cross-site Scripting
attacks.


Original Security Bulletin

Sverre H. Huseby ± Sécurité PHP
Add a comment
Author:
Email:
Title:
Contents:

+ By adding a comment, you agree to provide a valid email adress
Your comments
» No comment.

Copyright ©+ 2004 phpsecure.info - All the team - Coded by Charlie & tobozo
- All rights reserved - DeZign by PWD
- Powered By phpSecure(); Version 2.0 - Changelog -

phpSecure belongs to webring PHP Francophone
[ Join the network | Sites of Webring | Sites randomly | << Précédent | Next >> ]





















Online: