Hi
I had a problem with what my host called "a spate of insecure PHP applications being used to upload proxying applications" which I think has been solved, however I've just spotted this when trying to validate my HTML:
<form action="abc.php4" method="post"><input type="hidden" name="PHPSESSID" value="aada9a6f795cb72df1ef8b8f61d2715c" /><div class="secondColThird"><input type="submit" value="register"></div></form>
The HTML validator wants the <input type> to be within the <div>. Problem is, I didn't put the <input type="hidden" name="PHPSESSID" value="aada9a6f795cb72df1ef8b8f61d2715c" /> in there, it's just appeared.
So. Should it be there? Is this just sessions working like they should? I've never seen it before.
Or have I got Russian Big Boobs all over again :-)
Oh, I just put the site onto a different server on a different host and .. I've taken another look, I did get the PHPSESSID thing inserted, so I guess it's standard stuff.
Looks like someone may have manipulated your pages to make them vulnerable to session fixation attacks. This is where they'll define a preset PHPSESSID that'll be used when you start your session on the next page. The PHPSESSID is supposed to be unique and hard to guess, but using this method, now they'll know what the ID is and it'll be easy for them to craft a session cookie with the same value and take over your session.
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
