PHP session.use_only_cookies disabled

Description

This vulnerability was detected using the information from phpinfo() page.
When the “use_only_cookies” option is disabled, PHP will pass the session’s ID through the Uniform Resource Locator (URL), this means you, and other users of your websites, may be exposed to session-type attacks.

In this case, an attacker could easily impersonate a legitimate user by stealing his Session ID\Token.

Recommendation

Simply enable the “session.use_only_cookies” option from php.ini or .htaccess.

References

https://cwe.mitre.org/data/definitions/598.html

< Return to all Vulnerabilities

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »