websecurity@lists.webappsec.org

The Web Security Mailing List


Security regarding PHP's default session handling

Mango
Thu, Oct 13, 2011 7:22 AM

Hi List.

I've done a few writeups on local security concerns regarding PHP's
default session handling that I thought might interest you. There is
some new research bundled with a lot of old information, which I've
compiled together with technical, informative descriptions and POC
exploit code.

Local Session Hijacking in PHP
http://ha.xxor.se/2011/08/local-session-hijacking.html

Local Session Snooping in PHP
http://ha.xxor.se/2011/08/local-session-snooping-in-php.html

Local Session Poisoning in PHP Part 1: The Basics of Exploitation and
How to Secure a Server
http://ha.xxor.se/2011/09/local-session-poisoning-in-php-part-1.html

Local Session Poisoning in PHP Part 2: Promiscuous Session Files
http://ha.xxor.se/2011/09/local-session-poisoning-in-php-part-2.html

Local Session Poisoning in PHP Part 3: Bypassing Suhosin's Session Encryption
http://ha.xxor.se/2011/09/local-session-poisoning-in-php-part-3.html

/Mango
