On Sun, Feb 10, 2013 at 12:19 AM, Stephen <stephe...@rogers.com> wrote:

> On 13-02-09 04:11 PM, Matijn Woudt wrote:
>> On Sat, Feb 9, 2013 at 9:59 PM, Tedd Sperling <t...@sperling.com> wrote:
>> Jonathan:
>> No offense to your routine, but you may want to review this:
>> http://sperling.com/php/**authorization/log-on.php<http://sperling.com/php/authorization/log-on.php>
>> If anyone finds an error, please post.
>> Cheers,
>> tedd
>> Well, I hope you're not actually storing passwords plain text in real life
>> examples.
>> Other than that, this method allows session hijacking.
>> - Matijn
>>  Can you explain how a session could be hijacked?
> Thank you!
> --
> Stephen

Just basic session stuff first:
When you start a session, PHP sends a cookie header in return to the
client. This cookie header includes a session id. On next requests your
browser will send this same session id back to the server. Now the server
knows which session belongs to this client.
Now to the session hijack stuff:
I assume we are on a normal http server (not https), then this session id
will be send plain text in the http headers. Now, assume we are both
connected to a hotspot, then I will be able to read all traffic that passes
on to this hotspot, a so called man-in-the-middle attack. Once you have
logged in, I can get the cookie that contains the session id. Now I can
request the private part if I send that same cookie with it.

There are more forms of this attack, but they are more complicated. An SSL
secured connection solves most, but even with https, it is possible to do
this kind of attack.

For more info I'd like to refer to google;)

- Matijn

Reply via email to