PHP session.use_only_cookies disabled

Description

This vulnerability was detected using information from the phpinfo() page.
When the “use_only_cookies” option is disabled, PHP will pass the session ID through the Uniform Resource Locator (URL). This means that you, and other users of your website, may be exposed to session-type attacks.

In this case, an attacker could easily impersonate a legitimate user by stealing their session ID/token.

Recommendation

Simply enable the “session.use_only_cookies” option from php.ini or .htaccess.
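
To confirm the setting before and after the change, the following added example (not part of the original advisory) reads a php.ini-style file and reports the effective value of session.use_only_cookies. The function name `check_use_only_cookies` and the sample file contents are constructed for illustration; it parses `key = value` lines only, so `.htaccess` `php_flag` lines are out of scope.

```shell
#!/bin/sh
# Added example: report how a php.ini-style file sets session.use_only_cookies.
# Prints "enabled", "disabled", or "unset" (no assignment found in this file,
# so the value comes from another ini file or PHP's built-in default).
check_use_only_cookies() {
    awk '
    {
        line = $0
        sub(/;.*$/, "", line)              # drop full-line and inline ; comments
        eq = index(line, "=")
        if (eq == 0) next                  # section headers, blank lines
        key = tolower(substr(line, 1, eq - 1))
        val = tolower(substr(line, eq + 1))
        gsub(/[ \t\r"]/, "", key)          # trim whitespace and double quotes
        gsub(/[ \t\r"]/, "", val)
        if (key == "session.use_only_cookies") { seen = 1; last = val }  # last assignment wins
    }
    END {
        if (!seen) { print "unset" }
        else if (last ~ /^(on|true|yes)$/ || last + 0 != 0) { print "enabled" }
        else { print "disabled" }
    }' "$1"
}

# Constructed sample: the flagged configuration, with a commented-out decoy line
# that a plain grep for the directive would also match.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Session]
;session.use_only_cookies = 1
session.use_only_cookies = Off   ; session IDs may travel in the URL
EOF
echo "sample php.ini: $(check_use_only_cookies "$sample")"
rm -f "$sample"
```

Run it against the php.ini path shown as "Loaded Configuration File" in phpinfo(); a result of "disabled" matches the finding described above.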
