!! - Append the cookie parameter to the URL:
!! * /the/url/?id=1&PHPSESSID=w3af-session-fixation
!! * /the/url/?id=1&FOOBAR=w3af-session-fixation
Hi Andres,
Session Fixation can be done in more than just this way. For example:
* /the/url;jsessionid=w3af-session-fixation/?id=1
* /the;jsessionid=w3af-session-fixation/url/?id=1
* /the(w3af-session-fixation)/url/?id=1
* /the/url/?id=1
Cookie: JSESSIONID=w3af-session-fixation
Happy coding
Achim
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
