PHP session.use_only_cookies disabled

Description

This vulnerability was detected using information from the phpinfo() page.
When the “use_only_cookies” option is disabled, PHP will pass the session ID through the Uniform Resource Locator (URL). This means that you, and other users of your website, may be exposed to session-type attacks.

In this case, an attacker could easily impersonate a legitimate user by stealing their session ID or token.

Recommendation

Simply enable the “session.use_only_cookies” option in php.ini or .htaccess.
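To confirm the fix took effect in the two files named above, the following added example (not part of the original page) reads php.ini and .htaccess text and reports the effective value of session.use_only_cookies. The function names and sample file contents are constructed for illustration; it assumes PHP's built-in default of enabled and that .htaccess (php_flag/php_value under mod_php) overrides php.ini.

```python
import re

DIRECTIVE = "session.use_only_cookies"   # directive names are case sensitive
TRUE_WORDS = {"on", "yes", "true"}

def php_bool(raw):
    """Interpret a value the way PHP reads a boolean directive."""
    value = raw.strip().strip("\"'").lower()
    if value in TRUE_WORDS:
        return True
    try:
        return int(value) != 0
    except ValueError:
        return False  # off, no, false, none, empty string

def from_php_ini(text):
    """Return the last value set in php.ini text, or None if absent."""
    found = None
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # ';' starts a comment in php.ini
        m = re.match(r"\s*([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1) == DIRECTIVE:
            found = php_bool(m.group(2))
    return found

def from_htaccess(text):
    """Return the last php_flag/php_value setting, or None if absent."""
    found = None
    for line in text.splitlines():  # lines starting with '#' never match
        m = re.match(r"\s*php_(?:flag|value)\s+(\S+)\s+(\S+)", line, re.I)
        if m and m.group(1) == DIRECTIVE:
            found = php_bool(m.group(2))
    return found

def audit(php_ini="", htaccess=""):
    """Effective setting: .htaccess, then php.ini, then PHP's default."""
    for source, value in ((".htaccess", from_htaccess(htaccess)),
                          ("php.ini", from_php_ini(php_ini))):
        if value is not None:
            return {"source": source, "enabled": value}
    return {"source": "default", "enabled": True}  # assumed default: 1

# Constructed sample inputs: a weak php.ini and a corrected .htaccess.
SAMPLE_INI = "[Session]\n; session.use_only_cookies = 1\nsession.use_only_cookies = Off\n"
SAMPLE_HTACCESS = "# constructed fix\nphp_flag session.use_only_cookies on\n"

if __name__ == "__main__":
    print(audit(SAMPLE_INI))                   # weak setting found in php.ini
    print(audit(SAMPLE_INI, SAMPLE_HTACCESS))  # .htaccess override wins
```

An "enabled": False result means the finding is still present; re-check the phpinfo() output afterwards, since the running server reports the value actually in force.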

References

https://cwe.mitre.org/data/definitions/598.html
