Difference between revisions of "Session hijacking"

Latest revision as of 22:00, 19 May 2012

Maybe some examples of XSS/CSRF for this?

Session hijacking is yet another vulnerability in the world wide web. Session hijacking works when an attacker re-uses someone else’s HTTP or PHP session when the session has not expired yet, giving the attacker access to the session-based web site as the user that the hijacked session came from. Cookie-based authentication is another flaw in the world wide web. If an attacker is sniffing a connection between a user and a server, the attacker could hijack and intercept the user’s cookie, impersonating the user and giving the attacker that user’s access to the cookie-based web site. Flaws like this will not currently flag in Cisco IDS.

Revision as of 04:31, 2 May 2012 (view source) GertieUbpgdd (Talk \| contribs) ← Older edit	Latest revision as of 22:00, 19 May 2012 (view source) LashawnSeccombe (Talk \| contribs)
(One intermediate revision by one other user not shown)
(No difference)

Difference between revisions of "Session hijacking"

Latest revision as of 22:00, 19 May 2012

Navigation menu

Views

Personal tools

Wiki

Community

Search

Tools